On Wed, 2018-06-20 at 12:28 -0400, Nathaniel McCallum wrote:
> As I understand it, the current policy models under discussion look like this:
>
> 1. SGX w/o FLC (not being merged) looks like this:
>    Intel CPU => (Intel signed) launch enclave => enclaves
>
> 2. SGX w/ FLC, looks like this:
>    Intel CPU => kernel => launch enclave => enclaves
>
> 3. Andy is proposing this:
>    Intel CPU => kernel => enclaves

What if MSRs are not writable after hand over to the OS? It is a legit
configuration at least according to the SDM.

/Jarkko