On Tue, Jun 12, 2018 at 12:50:12PM +0200, Pavel Machek wrote:
> On Fri 2018-06-08 19:09:35, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by applications
> > to set aside private regions of code and data. The code outside the enclave
> > is disallowed to access the memory inside the enclave by the CPU access
> > control. In a way you can think that SGX provides inverted sandbox. It
> > protects the application from a malicious host.
>
> Do you intend to allow non-root applications to use SGX?
>
> What are non-evil uses for SGX?
>
> ...because it is quite useful for some kinds of evil:

The default permissions for the device are 600.

/Jarkko