Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

From: Jarkko Sakkinen
Date: Thu May 23 2019 - 04:13:50 EST


On Wed, May 22, 2019 at 03:42:45PM -0700, Andy Lutomirski wrote:
> As far as I know from this whole discussion, we still haven't come up
> with any credible way to avoid tracking, per enclave page, whether
> that page came from unmodified PROT_EXEC memory.

So is this in the context that the enclave is read from another VMA
and not through a file descriptor? Is that locked in?

/Jarkko