[PATCH 0/6] Intel Secure Guard Extensions
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Fri Apr 29 22:08:06 UTC 2016
On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> > outside the enclave is disallowed to access the memory inside the
> > enclave by the CPU access control.
> >
> > The firmware uses PRMRR registers to reserve an area of physical memory
> > called Enclave Page Cache (EPC). There is a hardware unit in the
> > processor called Memory Encryption Engine. The MEE encrypts and decrypts
> > the EPC pages as they enter and leave the processor package.
>
> What are non-evil use cases for this?
Virtual TPMs for containers/guests would be one such use case.
/Jarkko
More information about the devel
mailing list