On Tue 2018-06-19 17:59:43, Jarkko Sakkinen wrote: > On Tue, Jun 12, 2018 at 12:50:12PM +0200, Pavel Machek wrote: > > On Fri 2018-06-08 19:09:35, Jarkko Sakkinen wrote: > > > Intel(R) SGX is a set of CPU instructions that can be used by applications > > > to set aside private regions of code and data. The code outside the enclave > > > is disallowed to access the memory inside the enclave by the CPU access > > > control. In a way you can think that SGX provides inverted sandbox. It > > > protects the application from a malicious host. > > > > Do you intend to allow non-root applications to use SGX? > > > > What are non-evil uses for SGX? > > > > ...because it is quite useful for some kinds of evil: > > The default permissions for the device are 600. Good. This does not belong to non-root. But question still remains: What are some non-evil uses for SGX? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature