On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > Intel(R) SGX is a set of CPU instructions that can be used by applications to > set aside private regions of code and data. The code outside the enclave is > disallowed to access the memory inside the enclave by the CPU access control. > In a way you can think that SGX provides inverted sandbox. It protects the > application from a malicious host. Would you list guarantees provided by SGX? For example, host can still observe timing of cachelines being accessed by "protected" app, right? Can it also introduce bit flips? Pavel