On 11/6/20 9:43 AM, Dr. Greg wrote:
> In light of this, given the decision by the driver authors to not
> fully equip the driver with EDMM support, the mprotect protection
> requirements are straightforward and minimalistic. All that is
> needed is a binary valued variable, set on the command-line, that
> either allows or denies anonymous code execution by an enclave,
> i.e. access to page protection changes after initialization.

To that, I say NAK. We need more flexibility than a boot-time-fixed,
system-wide switch.