On Thu, Jan 10, 2019 at 01:36:15PM -0800, Andy Lutomirski wrote: > > Does it even matter if just leave EINITTOKENKEY attribute unprivileged > > given that Linux requires that MSRs are writable? Maybe I'll just > > whitelist that attribute to any enclave? > > > > I would at least make it work like the PROVISIONKEY bit (or whatever > it's called). Or just deny it at first. It's easy to start allowing > it if we need to down the road, but it's harder to start denying it. I think that would be a great idea to add another file to securityfs for this. Would fit perfectly to your "systemd privilege sharing" daemon example. Here consistency would be really nice. /Jarkko
