1) Why cannot a malicious operating system read the data stored in memory that belongs to the enclave? 2) What happens if a malicious OS tries to change data stored in memory that pertains to the enclave?