Hi @ya0guang, Glad to know you also got interested in this. Yes. as you mentioned, the Graphene forwards many `syscalls` to untrusted host, more specifically, `41 SGX OCALLs` to untrusted PAL layer of Graphene and do some kinds of security check. it is similar to have some `unsafe calls` to external libraries in Rust. we need to be very careful to design a mechanism to `audit` it and `filter out` unexpected behaviors according to some `terms` that can be created for untrusted Pal as a new party.
-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/525#issuecomment-885082204
