On Sun, Mar 17, 2019 at 2:18 PM Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote:
>
> In order to provide a mechanism for delivering provisioning rights:
>
> 1. Add a new file to the securityfs file called sgx/provision that works
>    as a token for allowing an enclave to have the provisioning privileges.
> 2. Add a new ioctl called SGX_IOC_ENCLAVE_SET_ATTRIBUTE that accepts the
>    following data structure:
>
> struct sgx_enclave_set_attribute {
>         __u64 addr;
>         __u64 token_fd;
> };

Here's a potential issue: For container use, is it reasonable for a container manager to bind-mount a file into securityfs? Or would something in /dev make this easier?