Re: [PATCH 0/6] Intel Secure Guard Extensions

From: Jarkko Sakkinen
Date: Fri Apr 29 2016 - 18:08:19 EST

Next message: Yu-cheng Yu: "Re: [PATCH v4 09/10] x86/xsaves: Fix xstate_offsets, xstate_sizes for legacy components"
Previous message: Jiri Kosina: "Re: [PATCH] klp: make object/func-walking helpers more robust"
In reply to: Jarkko Sakkinen: "Re: [PATCH 0/6] Intel Secure Guard Extensions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> > outside the enclave is disallowed to access the memory inside the
> > enclave by the CPU access control.
> >
> > The firmware uses PRMRR registers to reserve an area of physical memory
> > called Enclave Page Cache (EPC). There is a hardware unit in the
> > processor called Memory Encryption Engine. The MEE encrypts and decrypts
> > the EPC pages as they enter and leave the processor package.
>
> What are non-evil use cases for this?

Virtual TPMs for containers/guests would be one such use case.

/Jarkko

Next message: Yu-cheng Yu: "Re: [PATCH v4 09/10] x86/xsaves: Fix xstate_offsets, xstate_sizes for legacy components"
Previous message: Jiri Kosina: "Re: [PATCH] klp: make object/func-walking helpers more robust"
In reply to: Jarkko Sakkinen: "Re: [PATCH 0/6] Intel Secure Guard Extensions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]