On Wed, Nov 28, 2018 at 04:49:41AM -0600, Dr. Greg wrote:
> We've been carrying a patch, that drops in on top of the proposed
> kernel driver, that implements the needed policy management framework
> for DAC fragile (FLC) platforms. After a meeting yesterday with the
> client that is funding the work, a decision was made to release the
> enhancements when the SGX driver goes mainline. That will at least
> give developers the option of creating solutions on Linux that
> implement the security guarantees that SGX was designed to deliver.

We do not need yet another policy management framework to the *kernel*.
The token based approach that Andy is proposing is a proven and well
established method to create a mechanism. You can then create a daemon
to user space that decides who it wants to send tokens.

/Jarkko