On 10/2/20 9:50 PM, Jarkko Sakkinen wrote: > + * Failure to explicitly request access to a restricted attribute will cause > + * sgx_ioc_enclave_init() to fail. Currently, the only restricted attribute > + * is access to the PROVISION_KEY. Could we also justify why access is restricted, please? Maybe: Access is restricted because PROVISION_KEY is burned uniquely into each each processor, making it a perfect unique identifier with privacy and fingerprinting implications. Are there any other reasons for doing it this way?
