In a nutshell, recent hardware-aided trusted execution support ensures that code and data outside the CPU is handled in an encrypted form and only decrypted, while being processed by a secured execution context inside the CPU.
Can I ask a basic question? What is code? Is code a smart contract compiled into WASM?
Iām no expert at all on this topic, but I would expect it to be more than ājustā the wasm. At least Iād expect the WASM runtime to be included, but I could see even more than that (e.g. a significant chunk of (or even the whole) operating system