[PATCH v39 15/24] x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION
Dave Hansen
dave.hansen at intel.com
Tue Oct 20 21:19:26 UTC 2020
On 10/2/20 9:50 PM, Jarkko Sakkinen wrote:
> + * Failure to explicitly request access to a restricted attribute will cause
> + * sgx_ioc_enclave_init() to fail. Currently, the only restricted attribute
> + * is access to the PROVISION_KEY.
Could we also justify why access is restricted, please? Maybe:
Access is restricted because PROVISION_KEY is burned uniquely
into each each processor, making it a perfect unique identifier
with privacy and fingerprinting implications.
Are there any other reasons for doing it this way?
More information about the Linux-security-module-archive
mailing list