Date: Sat, 30 Apr 2016 01:08:06 +0300
From: Jarkko Sakkinen
To: Pavel Machek
Cc: gregkh@linuxfoundation.org, Andy Lutomirski, Borislav Petkov, Boris Ostrovsky, "open list:STAGING SUBSYSTEM", Ingo Molnar, Kristen Carlson Accardi, "open list:DOCUMENTATION", open list, Mathias Krause, Thomas Gleixner, Wan Zongshun
Subject: Re: [PATCH 0/6] Intel Secure Guard Extensions
Message-ID: <20160429220806.GA3766@intel.com>
In-Reply-To: <20160426190009.GC8162@amd>
References: <1461605698-12385-1-git-send-email-jarkko.sakkinen@linux.intel.com> <20160426190009.GC8162@amd>

On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> > outside the enclave is disallowed to access the memory inside the
> > enclave by the CPU access control.
> >
> > The firmware uses PRMRR registers to reserve an area of physical memory
> > called Enclave Page Cache (EPC). There is a hardware unit in the
> > processor called Memory Encryption Engine. The MEE encrypts and decrypts
> > the EPC pages as they enter and leave the processor package.
>
> What are non-evil use cases for this?

Virtual TPMs for containers/guests would be one such use case.

/Jarkko