Re: [PATCH v12 00/18] Enable FSGSBASE instructions

[Sasha Levin]

On Tue, May 26, 2020 at 06:03:35PM -0400, Don Porter wrote:
> On 5/26/20 4:27 PM, Sasha Levin wrote:
> > I'm really worried about the disconnect between how you view the current
> > state of Graphene (and the industry) vs Intel and the various cloud
> > providers.
> >
> > You keep suggesting that its just past the academic research state,
> > while Intel and the big cloud providers are already pushing it to
> > external customers.  Every one of those cloud providers has a preview/GA
> > secure enclave offering.
>
> I wonder if you are conflating Graphene with SGX?  I understand that 
> many cloud vendors are offering SGX in preview/GA, but there are other 
> frameworks to build these offerings on, such as Intel's SGX SDK or 
> Haven.  It would be news to me if every major cloud vendor were 
> putting Graphene in production.

Sorry, I wasn't trying to suggest that all cloud vendors are pushing
Graphene, but rather than SGX enabled platforms became a commodity
product, users will end up using Graphene-like applications.

Let me provide an example:
https://www.alibabacloud.com/blog/protecting-go-language-applications-with-the-graphene-library-os-on-intel%C2%AE-sgx%C2%AE-secured-alibaba-cloud_594889
- a "practical" guide on how to run Graphene in production environment
  on one of the big cloud vendor platforms. 

--
Thanks,
Sasha