Re: [PATCH v39 15/24] x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION

From: Dave Hansen
Date: Tue Oct 20 2020 - 17:19:31 EST

Next message: Chris Packham: "Re: [PATCH v3 3/3] net: dsa: mv88e6xxx: Support serdes ports on MV88E6123/6131"
Previous message: Russell King - ARM Linux admin: "Re: [PATCH v3 1/3] net: dsa: mv88e6xxx: Don't force link when using in-band-status"
In reply to: Jarkko Sakkinen: "Re: [PATCH v39 15/24] x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v39 15/24] x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/2/20 9:50 PM, Jarkko Sakkinen wrote:
> + * Failure to explicitly request access to a restricted attribute will cause
> + * sgx_ioc_enclave_init() to fail. Currently, the only restricted attribute
> + * is access to the PROVISION_KEY.

Could we also justify why access is restricted, please? Maybe:

Access is restricted because PROVISION_KEY is burned uniquely
into each each processor, making it a perfect unique identifier
with privacy and fingerprinting implications.

Are there any other reasons for doing it this way?

Next message: Chris Packham: "Re: [PATCH v3 3/3] net: dsa: mv88e6xxx: Support serdes ports on MV88E6123/6131"
Previous message: Russell King - ARM Linux admin: "Re: [PATCH v3 1/3] net: dsa: mv88e6xxx: Don't force link when using in-band-status"
In reply to: Jarkko Sakkinen: "Re: [PATCH v39 15/24] x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v39 15/24] x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]