On Thu, Dec 20, 2018 at 03:12:13PM +0200, Jarkko Sakkinen wrote:
> On Thu, Dec 20, 2018 at 12:32:04PM +0200, Jarkko Sakkinen wrote:
> > On Wed, Dec 19, 2018 at 06:58:48PM -0800, Andy Lutomirski wrote:
> > > Can one of you explain why SGX_ENCLAVE_CREATE is better than just
> > > opening a new instance of /dev/sgx for each enclave?
> >
> > I think that fits better to the SCM_RIGHTS scenario i.e. you could send
> > the enclave to a process that does not necessarily have rights to
> > /dev/sgx. Gives more robust environment to configure SGX.
>
> My only open for the implementation is where to swap? If it is a VMA,
> whose VMA?
>
> Please share your views here. Not a blocker for me to work on the
> implementation, though. I'll use a private shmem file up until there
> is a better option.
>
> This ioctl API discussion is kind of meaningless for me ATM because it
> does not have that much effect to the internals even if it wouldn't be
> perfect in v19. Very trivial to change.

Oops, and after sending I realized that I started this thread asking
comments about the API (I think I mentioned swapping though too) :-)

The feedback has been valuable and I gained the required understanding
about enclave_fd but I think that now the things have been saturated to
minor details. Appreciate all the feedback so far. Sorry for a bit
harsh statement.

/Jarkko