On 12/1/21 11:23 AM, Reinette Chatre wrote:
Enclave page permission changes need to be approached with care and
for this reason this initial support is to allow enclave page
permission changes _only_ if the new permissions are the same or
more restrictive that the permissions originally vetted at the time the
pages were added to the enclave. Support for extending enclave page
permissions beyond what was originally vetted is deferred.
It's probably worth adding a few examples here:
* RWX => RW => RX => RW => R => RWX
* RW => R => RW
* RX => R => RX