On Tue, Dec 12, 2017 at 03:07:50PM +0100, Pavel Machek wrote: > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by applications to > > set aside private regions of code and data. The code outside the enclave is > > disallowed to access the memory inside the enclave by the CPU access control. > > In a way you can think that SGX provides inverted sandbox. It protects the > > application from a malicious host. > > Would you list guarantees provided by SGX? > > For example, host can still observe timing of cachelines being > accessed by "protected" app, right? Can it also introduce bit flips? > > Pavel I'll put this in my backlog. Thank you. /Jarkko
