> From: Christopherson, Sean J > Sent: Wednesday, June 19, 2019 3:24 PM > > Intended use of each permission: > > - SGX_EXECDIRTY: dynamically load code within the enclave itself > - SGX_EXECUNMR: load unmeasured code into the enclave, e.g. Graphene Why does it matter whether a code page is measured or not? > - SGX_EXECANON: load code from anonymous memory (likely Graphene) Graphene doesn't load code from anonymous memory. It loads code dynamically though, as in SGX_EXECDIRTY case. > - SGX_EXECUTE: load an enclave from a file, i.e. normal behavior Why is SGX_EXECUTE needed from security perspective? Or why isn't FILE__EXECUTE sufficient?
