On Thu, Nov 22, 2018 at 07:21:08AM -0800, Andy Lutomirski wrote: > > At a high level, addressing these issues is straight forward. First, > > the driver needs to support authorization equivalent to that which is > > implemented in the current Intel Launch Enclave, ie. control over the > > SGX_FLAGS_PROVISION_KEY attribute. > > I agree, hence my email :) Started to scratch my head that is it really an issue that any enclave can provision in the end? Direct quote from your first response: "In particular, the ability to run enclaves with the provisioning bit set is somewhat sensitive, since it effectively allows access to a stable fingerprint of the system." As can be seen from the key derivation table this does not exactly hold so you should refine your original argument before we can consider any type of change. I just don't see what it is so wrong for any enclave to be able to tell that it really is an enclave. /Jarkko