Re: [intel-sgx-kernel-dev] [PATCH v11 13/13] intel_sgx: in-kernel launch enclave
From: Jarkko Sakkinen
Date: Mon Jun 25 2018 - 05:28:05 EST
On Wed, 2018-06-20 at 12:28 -0400, Nathaniel McCallum wrote:
> As I understand it, the current policy models under discussion look like this:
>
> 1. SGX w/o FLC (not being merged) looks like this:
> Intel CPU => (Intel signed) launch enclave => enclaves
>
> 2. SGX w/ FLC, looks like this:
> Intel CPU => kernel => launch enclave => enclaves
>
> 3. Andy is proposing this:
> Intel CPU => kernel => enclaves
What if MSRs are not writable after hand over to the OS? It is a legit
configuration at least according to the SDM.
/Jarkko