Zero-knowledge security model: an introduction (haybatov.com)
35 points by jayhoon on Feb 6, 2024 | 7 comments


How does this philosophy handle identifiers like file names, folder structures, and especially database indexes? Seems like the server is going to need to have some knowledge of these. Unless everything is done within a secure enclave?


File and folder names containing sensitive information get encrypted with non-deterministic encryption (i.e., with random IV) and get decrypted only for displaying purposes. Software can handle GUIDs as file and folder names whereas the real names are kept encrypted.

For indexing, unpredictable data can be hashed (with a salt unique to the field). Both predictable and unpredictable data need to get deterministically encrypted - usually with IV being an SHA-2 or SHA-3 hash of the data. This works for exact searches only, of course.
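The salted-hash index described in the comment above, as an added example that is not part of the thread or the linked article. The HMAC-based salt derivation, the value normalization, the `Server` class and all names are assumptions made for illustration, and the ciphertext is a random stand-in rather than real encryption.

```python
import hashlib
import hmac
import secrets
import uuid

def field_salt(master_secret: bytes, field: str) -> bytes:
    """Derive a salt unique to one field (this derivation is an assumption)."""
    return hmac.new(master_secret, b"index-salt:" + field.encode(), hashlib.sha256).digest()

def index_token(salt: bytes, value: str) -> str:
    """Salted hash of a normalized value; equal values give equal tokens."""
    normalized = value.strip().lower().encode()
    return hmac.new(salt, normalized, hashlib.sha256).hexdigest()

class Server:
    """Hypothetical store that sees only GUIDs, index tokens and opaque blobs."""
    def __init__(self):
        self.rows = {}    # guid -> ciphertext blob
        self.index = {}   # (field, token) -> set of guids

    def put(self, field, token, blob):
        guid = str(uuid.uuid4())
        self.rows[guid] = blob
        self.index.setdefault((field, token), set()).add(guid)
        return guid

    def find(self, field, token):
        return sorted(self.index.get((field, token), ()))

def recoverable_by_enumeration(salt, token, candidates):
    """Whoever holds the salt can test guesses, so a small value space is not hidden."""
    return [c for c in candidates if hmac.compare_digest(index_token(salt, c), token)]

def demo():
    master = secrets.token_bytes(32)        # constructed secret; stays on the client
    email_salt = field_salt(master, "email")
    name_salt = field_salt(master, "file_name")
    server = Server()
    blob = secrets.token_bytes(48)          # stand-in for random-IV ciphertext
    guid = server.put("email", index_token(email_salt, "alice@example.com"), blob)
    exact = server.find("email", index_token(email_salt, " Alice@Example.com "))
    prefix = server.find("email", index_token(email_salt, "alice@"))   # no partial match
    cross = index_token(email_salt, "x") == index_token(name_salt, "x")
    guessed = recoverable_by_enumeration(
        email_salt, index_token(email_salt, "yes"), ["yes", "no"])
    return guid, exact, prefix, cross, guessed
```

The last check shows why the comment restricts hashing to unpredictable data: a value drawn from a small set can be confirmed by anyone who obtains the field salt.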


Even if everything is done in a secure enclave you have to trust that it's actually secure.


The secure enclave cannot be more secure than the software running inside it.

As for the trust, we generally trust the CPU manufacturers, including their implementation of encryption like the AES instructions.


It seems to me that security through compartmentalization, implemented in Qubes OS, has more advantages, including that you will not need to reimplement everything from scratch.


Qubes OS is for the end-user devices, while the approach in the article is about the server side.


I am talking more about approaches to security than specific implementations.



