Re: [PATCH v5 11/11] intel_sgx: driver documentation

From: Jarkko Sakkinen
Date: Mon Nov 20 2017 - 17:37:55 EST

On Tue, Nov 14, 2017 at 10:53:27PM +0100, Borislav Petkov wrote:
> On Tue, Nov 14, 2017 at 10:49:48PM +0200, Jarkko Sakkinen wrote:
> > Pre-boot firmware could potentially configure the root key hash for the
> > enclave that signs launch tokens for other enclaves i.e. the launch
> > enclave that is built and signed during the kbuild.
> So how about firmware doesn't do anything and the machine owner decide
> what enclaves get launched and what key hashes to load for a change?
> I.e., let the owner really own the hardware she paid money for.
> Or are we doing encrypted enclaves but then the firmware vendor can look
> inside too?
> --
> Regards/Gruss,
> Boris.

Firmware cannot access the memory inside an enclave. CPU asserts every
memory access coming outside the enclave.