On 30/04/20 13:21, Alexander Graf wrote:
>> Also, would you consider a mode where ne_load_image is not invoked and
>> the enclave starts in real mode at 0xffffff0?
>
> Consider, sure. But I don't quite see any big benefit just yet. The
> current abstraction level for the booted payloads is much higher. That
> allows us to simplify the device model dramatically: There is no need to
> create a virtual flash region for example.

It doesn't have to be flash, it can be just ROM.

> In addition, by moving firmware into the trusted base, firmware can
> execute validation of the target image. If you make it all flat, how do
> you verify whether what you're booting is what you think you're booting?

So the issue would be that a firmware image provided by the parent could
be tampered with by something malicious running in the parent enclave?

Paolo

> So in a nutshell, for a PV virtual machine spawning interface, I think
> it would make sense to have memory fully owned by the parent. In the
> enclave world, I would rather not like to give the parent too much
> control over what memory actually means, outside of donating a bucket of
> it.