On 27 Feb 2018, at 20:47, Corey Richardson
This is email is me being kinda lazy. Does anyone know how challenging this would actually be to pull off? I'm interested in looking into it, but can't for a while.
I feel like it makes sense to bootload some little stub that sets up seL4 as the only enclave in the system. I don't see any reason to have multiple enclaves when using seL4. But, from this, it should be possible to get a good static root of trust remote attestation on Google Cloud.
Running seL4 as the trusted base on SGX would be nice. Unfortunately, SGX has a major shortcoming (which I told the Intel folks as soon as I saw it first): SG enclaves run in Ring 3. Which means there is no protection inside an enclave, you have to trust everything in there, and consequently seL4 is of no help at all. Gernot