A system and method is provided for secure establishment of a trusted enclave among co-privileged executable code. The system comprises one or more processors; execute only memory; and one or more programs stored in the memory. The one or more programs comprise instructions to establish a trusted enclave and an untrusted enclave in kernel space code, wherein the trusted enclave and the untrusted enclave are co-privileged from the perspective of the processor. The trusted code has the ability to modify page tables and the untrusted code does not have the ability to modify page tables. Any changes to memory mappings involve the trusted code. Page tables are mapped as read-only during execution of the untrusted code and mapped as writeable only during execution of the trusted code.