On Thu, May 16, 2019 at 02:02:58PM -0700, Andy Lutomirski wrote:
> That certainly *could* be done, and I guess the decision could be left
> to the LSMs, but I'm not convinced this adds value. What security use
> case does this cover that isn't already covered by requiring EXECUTE
> (e.g. lib_t) on the enclave file and some new SIGSTRUCT right on the
> .sigstruct?

I guess you are right as SIGSTRUCT completely shields the memory layout
and contents of an enclave.

/Jarkko