Not necessarily. The enclave's symmetric keys are bound to its identity, which is a hash of the memory and permission bits before the enclave starts to run. If the malware modifies the public key in the binary before it is loaded into the enclave, the enclave's identity (and its keys) will be completely different.
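A simplified model of the binding described above, added as an illustration and not part of the original answer. It is not SGX's actual measurement or key-derivation algorithm: the function names, page layout, hash construction and device secret are all assumptions chosen to show why changing the embedded public key before load yields a different identity and therefore different keys.

```python
import hashlib
import hmac

PAGE_SIZE = 4096

def measure(pages):
    """Model of an enclave identity: hash every page's offset,
    permission bits and contents, in load order, before execution."""
    h = hashlib.sha256()
    for offset, perms, data in pages:
        if len(data) > PAGE_SIZE:
            raise ValueError("page content exceeds page size")
        h.update(offset.to_bytes(8, "little"))
        h.update(perms.encode().ljust(8, b"\0"))
        h.update(data.ljust(PAGE_SIZE, b"\0"))
    return h.digest()

def derive_seal_key(device_secret, measurement):
    """Model of an identity-bound symmetric key: a per-device secret
    mixed with the measurement, so a new identity means a new key."""
    return hmac.new(device_secret, b"seal-key" + measurement,
                    hashlib.sha256).digest()

def build_image(embedded_public_key, data_perms="rw-"):
    """Hypothetical two-page enclave image: code plus a data page
    that carries the embedded public key."""
    code = b"\x90" * 64  # constructed placeholder bytes, not real code
    return [(0x0000, "r-x", code),
            (0x1000, data_perms, b"PUBKEY:" + embedded_public_key)]

# Constructed sample values.
DEVICE_SECRET = bytes(range(32))
ORIGINAL_KEY = b"\x11" * 32
SWAPPED_KEY = b"\x22" * 32

def demo():
    ids = {
        "genuine": measure(build_image(ORIGINAL_KEY)),
        "reloaded": measure(build_image(ORIGINAL_KEY)),
        "key_swapped": measure(build_image(SWAPPED_KEY)),
        "perm_changed": measure(build_image(ORIGINAL_KEY, "rwx")),
    }
    keys = {n: derive_seal_key(DEVICE_SECRET, m) for n, m in ids.items()}
    return ids, keys

if __name__ == "__main__":
    ids, keys = demo()
    for name in ids:
        print(f"{name:13} id={ids[name].hex()[:16]} key={keys[name].hex()[:16]}")
```

Data sealed under the `genuine` key cannot be opened by the `key_swapped` or `perm_changed` image in this model, because each derives a different key from its different measurement.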