I have 2 questions concerning the use of SGX and SGX sealing functionality in virtualized environments:
1. Does Hyper-V support SGX?
2. Would the following scenario work?
- Launch a clean VM in a Hyper-V VM running on top of a Windows OS.
- Run a Linux enclave 1 which seals the data to its MRSIGNER.
- Tear down the enclave and the VM.
- Run an enclave 2 in the host OS Windows (enclave 1 and enclave 2 have the same MRSIGNER).
- Unseal the data which has been sealed by enclave 1.

1. The answer is no. As far as I know, SGX virtualization only works with the KVM and Xen frameworks.
2. I know that on the same platform you can seal a secret in Linux and then unseal it with Windows by using the MRSIGNER policy. But whether it works with VMs depends on the implementation.
Hope someone from the SGX kernel development team can explain that.
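
A simplified model of the MRSIGNER sealing policy discussed above, added here as an example and not part of the original thread or of Intel's SDK. HMAC-SHA256 stands in for the CPU's key derivation, and `platform_secret`, the enclave identities and all function names are assumptions for illustration. Whether a guest VM and the host derive from the same platform secret is the implementation question raised in the answer; the model only parametrizes it.

```python
import hashlib, hmac, os
from dataclasses import dataclass

KEYPOLICY_MRENCLAVE = 0x0001  # same bit values as the SGX SDK's key policy flags
KEYPOLICY_MRSIGNER = 0x0002

@dataclass(frozen=True)
class Enclave:
    mrenclave: bytes  # measurement of the enclave build
    mrsigner: bytes   # hash of the signer's public key
    isv_prod_id: int

def seal_key(platform_secret, enclave, policy, key_id):
    """Model of seal-key derivation; HMAC-SHA256 stands in for the CPU's KDF."""
    identity = b""
    if policy & KEYPOLICY_MRENCLAVE:
        identity += enclave.mrenclave
    if policy & KEYPOLICY_MRSIGNER:
        identity += enclave.mrsigner
    msg = (policy.to_bytes(2, "little") + enclave.isv_prod_id.to_bytes(2, "little")
           + identity + key_id)
    return hmac.new(platform_secret, msg, hashlib.sha256).digest()

def seal(platform_secret, enclave, policy, data):
    """Return a blob with policy, key id, data and a tag (model: no encryption)."""
    key_id = os.urandom(32)
    key = seal_key(platform_secret, enclave, policy, key_id)
    tag = hmac.new(key, data, hashlib.sha256).digest()
    return {"policy": policy, "key_id": key_id, "data": data, "tag": tag}

def unseal(platform_secret, enclave, blob):
    """Re-derive the key for the calling enclave; return data, or None on mismatch."""
    key = seal_key(platform_secret, enclave, blob["policy"], blob["key_id"])
    tag = hmac.new(key, blob["data"], hashlib.sha256).digest()
    return blob["data"] if hmac.compare_digest(tag, blob["tag"]) else None

# Constructed sample identities: two different builds signed with the same key.
SIGNER = hashlib.sha256(b"constructed vendor signing key").digest()
ENCLAVE_1 = Enclave(hashlib.sha256(b"linux build").digest(), SIGNER, 1)
ENCLAVE_2 = Enclave(hashlib.sha256(b"windows build").digest(), SIGNER, 1)
CPU_A = b"constructed platform secret A"
CPU_B = b"constructed platform secret B"

if __name__ == "__main__":
    by_signer = seal(CPU_A, ENCLAVE_1, KEYPOLICY_MRSIGNER, b"secret")
    by_build = seal(CPU_A, ENCLAVE_1, KEYPOLICY_MRENCLAVE, b"secret")
    print(unseal(CPU_A, ENCLAVE_2, by_signer))  # same signer, same platform secret
    print(unseal(CPU_A, ENCLAVE_2, by_build))   # different build, MRENCLAVE policy
    print(unseal(CPU_B, ENCLAVE_2, by_signer))  # different platform secret
```

In the model, enclave 2 recovers data sealed by enclave 1 only under the MRSIGNER policy and only when both derivations use the same platform secret.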