On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by > > applications to set aside private regions of code and data. The code > > outside the enclave is disallowed to access the memory inside the > > enclave by the CPU access control. > > > > The firmware uses PRMRR registers to reserve an area of physical memory > > called Enclave Page Cache (EPC). There is a hardware unit in the > > processor called Memory Encryption Engine. The MEE encrypts and decrypts > > the EPC pages as they enter and leave the processor package. > > What are non-evil use cases for this? Virtual TPMs for containers/guests would be one such use case. /Jarkko -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html