On 4/8/21 8:27 AM, Jethro Beekman wrote:
> But the native “executable format” for SGX is very clearly defined in
> the Intel SDM as a specific sequence of ECREATE, EADD, EEXTEND and
> EINIT calls. It's that sequence that's used for loading the enclave
> and it's that sequence that's used for code signing. So when I say
> save space I mean save space in the native format.
>
> Not EEXTENDing unnecessarily also reduces enclave load time if
> you're looking for additional arguments.

I look forward to all of this being clearly explained in your resubmission.

> SGX defines lots of things and you may not see the use case for all
> of this immediately. No one has a use case for creating enclaves with
> SECS.SSAFRAMESIZE = 1000 or TCS.NSSA = 3. Why did you not demand
> checks for this in the ECREATE/EADD ioctls?

There's a difference between adding code to support a feature and adding code to *RESTRICT* use of a feature.