On Tue 2018-06-19 17:59:43, Jarkko Sakkinen wrote:
On Tue, Jun 12, 2018 at 12:50:12PM +0200, Pavel Machek wrote:
quoted
On Fri 2018-06-08 19:09:35, Jarkko Sakkinen wrote:
quoted
Intel(R) SGX is a set of CPU instructions that can be used by applications
to set aside private regions of code and data. The code outside the enclave
is disallowed to access the memory inside the enclave by the CPU access
control. In a way you can think that SGX provides inverted sandbox. It
protects the application from a malicious host.
Do you intend to allow non-root applications to use SGX?
What are non-evil uses for SGX?
...because it is quite useful for some kinds of evil:
The default permissions for the device are 600.
Good. This does not belong to non-root. But question still remains:
What are some non-evil uses for SGX?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html