I do a core dump on this code and grep to see if I can find the string “hello” and I am still finding it… but shouldn’t I not be able to find it because the function Seal() converts the buffer into an enclave and everything in an enclave is encrypted.
The "hello" string constant is likely compiled into the binary or statically initialized at program start. If you use a non-literal (e.g. from user input, network request, etc.) and then garbage collect the slice data after you create a memguard buffer from it, you probably won’t be able to recover it from a program dump.
Data written into the enclave is automatically encrypted using AES-256 in GCM mode before being stored in memory. This encryption happens transparently within the Memguard library.