On Mon, Jun 25, 2018 at 5:28 AM Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote:
>
> On Wed, 2018-06-20 at 12:28 -0400, Nathaniel McCallum wrote:
> > As I understand it, the current policy models under discussion look like this:
> >
> > 1. SGX w/o FLC (not being merged) looks like this:
> >    Intel CPU => (Intel signed) launch enclave => enclaves
> >
> > 2. SGX w/ FLC, looks like this:
> >    Intel CPU => kernel => launch enclave => enclaves
> >
> > 3. Andy is proposing this:
> >    Intel CPU => kernel => enclaves
>
> What if MSRs are not writable after hand over to the OS? It is a legit
> configuration at least according to the SDM.

It seems to me that "set the MSRs in the BIOS" and "set the MSRs in a UEFI module" are functionally equivalent.