On 10/2/20 9:50 PM, Jarkko Sakkinen wrote:

+ * Failure to explicitly request access to a restricted attribute will cause
+ * sgx_ioc_enclave_init() to fail.  Currently, the only restricted attribute
+ * is access to the PROVISION_KEY.

Could we also justify why access is restricted, please?  Maybe:

	Access is restricted because PROVISION_KEY is burned uniquely
	into each each processor, making it a perfect unique identifier
	with privacy and fingerprinting implications.

Are there any other reasons for doing it this way?