Hi, I'm totally newbie at Intel SGX, and I want to ask about whitelist.
I have already read
Enclave Signing Tool for Intel Software Guard Extensions (Intel SGX) and
Overview on Signing and Whitelisting for Intel Software Guard Extension (Intel SGX) Enclaves Documents
but still remains some questions
- How are the whitelist and expiration of sign updated? Is it done online? If so, can the released SGX application only run in online environment?
- If an ISV (Independent Software Vendor) of SGX application is registered on the whitelist, then does not the same ISV have to be whitelisted when developing another SGX application? or maybe an ISV does not have to ask only for a commercial license agreement again, but should ask for whitelisting again?