It would be fun to make a demo of how this co-located shell TEE would work, just as a strawman. It would basically make a session, then run “execve” or similar to swap out the entire process with something hotloaded?
Separately, this made me think of things I recall seeing, but didn’t look further into, about dynamic code loading used in enclaves in practice:
- There’s this “Protected Code Loader” package from Intel (GitHub - intel/linux-sgx-pcl: Intel(R) Software Guard Extensions Protected Code Loader for Linux* OS) that involves encrypting proprietary binaries. I had guessed it would use RA-TLS, but it appears to be just encryption.
- The SGX.fail paper mentioned Themida, an obfuscator that CyberLink/PowerDVD used. If I understand it right, they applied the obfuscation to the bootloader program, and used that to load an encrypted binary using the (Windows counterpart to the) PCL package.