SGX demo?

[deeglaze]

The SCAI doc mentions an SGX-attested build of a binary with -fstack-protector, and I'm left wondering what the specified process is for checking the evidence in the SCAI predicate with an SGX quote. Is the environment evidence collection and evidence bundle format for attestation verification not part of the spec? This seems really close to CoRIM and its reference-values triple, but it's missing the evidence->reference checking description.

[alanssitis]

I am not too familiar with CoRIM, but you can collect additional environment attestations in conjunction with SCAI. Let me know if it doesn't make much sense.