Re: [PATCH v11 00/13] Intel SGX1 support
From: Jarkko Sakkinen <hidden>
Date: 2018-06-19 15:00:12
Also in:
kvm, linux-doc, lkml, platform-driver-x86
From: Jarkko Sakkinen <hidden>
Date: 2018-06-19 15:00:12
Also in:
kvm, linux-doc, lkml, platform-driver-x86
On Tue, Jun 12, 2018 at 12:50:12PM +0200, Pavel Machek wrote:
On Fri 2018-06-08 19:09:35, Jarkko Sakkinen wrote:quoted
Intel(R) SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code outside the enclave is disallowed to access the memory inside the enclave by the CPU access control. In a way you can think that SGX provides inverted sandbox. It protects the application from a malicious host.Do you intend to allow non-root applications to use SGX? What are non-evil uses for SGX? ...because it is quite useful for some kinds of evil:
The default permissions for the device are 600. /Jarkko