Re: [PATCH v20 00/28] Intel SGX1 support

From: Sean Christopherson
Date: Mon Apr 22 2019 - 11:01:22 EST

On Sat, Apr 20, 2019 at 11:02:47AM -0500, Dr. Greg wrote:
> We understand and support the need for the LSM to trap these events,
> but what does LSM provenance mean if the platform is compromised?
> That is, technically, the target application for SGX technology.

No, it's not. Protecting the kernel/platform from a malicious entity is
outside the scope of SGX.