Hi! As Gernot mentioned, enclaves run in ring 3. There's currently no possibility to implement something like kernel enclaves with SGX. To be slightly off-topic: Instead of trying to run seL4 inside SGX, one can think the other way round and use seL4 to augment SGX enclaves with trusted platform services (e.g. http://arxiv.org/abs/1701.01061).
Best,
Sammey

On 2018-02-27 10:47, Corey Richardson wrote:
> This email is me being kinda lazy. Does anyone know how challenging this
> would actually be to pull off? I'm interested in looking into it, but can't
> for a while.
>
> I feel like it makes sense to bootload some little stub that sets up seL4 as
> the only enclave in the system. I don't see any reason to have multiple
> enclaves when using seL4. But, from this, it should be possible to get a good
> static root of trust remote attestation on Google Cloud.
>
> (And also, can finally implement
> https://www.blackhat.com/docs/us-17/thursday/us-17-Swami-SGX-Remote-Attestation-Is-Not-Sufficient-wp.pdf)
