On Tue, Feb 18, 2020 at 04:42:43AM -0600, Dr. Greg Wettstein wrote: > I believe an accurate summary of Dr. Beekman's concerns are as > follows: > > 1.) He envisions a need for an enclave orchestrator that uses root > privileges to open the SGX driver device and then drop privileges, > presumably in a permanent fashion. The orchestrator would then use > the filehandle to load and initialize multiple enclaves on request. > > 2.) The enclave orchestrator may be run in an environment that has > SECCOMP limitations on the ability to conduct filesystem operations. Also UDS sockets with SCM_RIGHTS should work. /Jarkko
