On Thu, Feb 20, 2020 at 07:19:13PM -0600, Dr. Greg wrote:
> > > This would seem to imply that the driver is rather firmly architected
> > > on the notion of one open() per enclave, a concept that Jethro seems
> > > to have issues with.
> >
> > I don't understand what concept you are talking about.
>
> If memory serves me correctly, Jethro envisioned a model where a
> single open of the SGX driver node would return a file descriptor that
> could then be used to create/load/initialize multiple enclaves. Your
> clarifications indicate that a separate open will be needed for each
> and every enclave instance that will be orchestrated.
>
> Jethro, if I'm misstating your position on this, please jump in and
> clarify.

Ah. You are speaking about having a factory to create enclaves and a
management interface. I.e. you'd have an ioctl to create an enclave that
gives you a file descriptor to access its management interface.

Off the top of my head I cannot recall why this was not favored in the
end, but generally speaking added complexity should be justified by some
considerably strong measures.

/Jarkko