On Fri 2018-06-08 19:09:35, Jarkko Sakkinen wrote: > Intel(R) SGX is a set of CPU instructions that can be used by applications > to set aside private regions of code and data. The code outside the enclave > is disallowed to access the memory inside the enclave by the CPU access > control. In a way you can think that SGX provides inverted sandbox. It > protects the application from a malicious host. Do you intend to allow non-root applications to use SGX? What are non-evil uses for SGX? ...because it is quite useful for some kinds of evil: https://taesoo.kim/pubs/2017/jang:sgx-bomb.pdf Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature
