Date: Fri, 07 Jul 2023 17:05:43 -0700
On Friday, 7 July 2023 11:05:29 PDT Jonathan Wakely via Std-Proposals wrote:
> Does this API actually fit with how SGX works?
It doesn't.
This time I can speak with authority because I've worked with SGX and TDX. You
can either be inside of a secure enclave or outside. There's no such thing as
being in both -- if you have an insecure part, then you're insecure, period.
But if you're already wholly secure, then there's no need to do anything!
See https://github.com/opendcdiag/opendcdiag/pull/272 for a very recent commit
of mine where I *removed* support for running inside a secure enclave because
it failed to support shared memory.
> Does this API actually fit with how SGX works?
It doesn't.
This time I can speak with authority because I've worked with SGX and TDX. You
can either be inside of a secure enclave or outside. There's no such thing as
being in both -- if you have an insecure part, then you're insecure, period.
But if you're already wholly secure, then there's no need to do anything!
See https://github.com/opendcdiag/opendcdiag/pull/272 for a very recent commit
of mine where I *removed* support for running inside a secure enclave because
it failed to support shared memory.
-- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel DCAI Cloud Engineering
Received on 2023-07-08 00:05:45