On Tue, Nov 14, 2017 at 10:53:27PM +0100, Borislav Petkov wrote:
> On Tue, Nov 14, 2017 at 10:49:48PM +0200, Jarkko Sakkinen wrote:
> > Pre-boot firmware could potentially configure the root key hash for the
> > enclave that signs launch tokens for other enclaves i.e. the launch
> > enclave that is built and signed during the kbuild.
>
> So how about firmware doesn't do anything and the machine owner decide
> what enclaves get launched and what key hashes to load for a change?
> I.e., let the owner really own the hardware she paid money for.
>
> Or are we doing encrypted enclaves but then the firmware vendor can look
> inside too?
>
> --
> Regards/Gruss,
> Boris.

Firmware cannot access the memory inside an enclave. CPU asserts every
memory access coming outside the enclave.

/Jarkko