On Tue, Dec 19, 2017 at 11:24:55PM +0000, Christopherson, Sean J wrote: > Exposing the token generated by the in-kernel LE doesn't affect the > kernel's power in the slightest, e.g. the kernel doesn't need a LE > to refuse to run an enclave and a privileged user can always load > an out-of-tree driver if they really want to circumvent the kernel's > policies, which is probably easier than stealing the LE's private key. If the MSRs are read-only, kernel does need an LE in order to launch enclaves if it only has the SIGSTRUCT. User with abilities to load out-of-tree driver or otherwise modify the running kernel code does not really work as an argument in to any direction. /Jarkko
