On 1/20/21 3:36 PM, Kai Huang wrote: > I actually feel the function name already explains what the function does > clearly, therefore I don't think even comment is needed. To be honest I > don't know how to rephrase here. Perhaps: > > /* Update SGX LEPUBKEYHASH MSRs of the platform. */ Whee! I'm gonna write me a function comment! /* * A Launch Enclave (LE) must be signed with a public key * that matches this SHA256 hash. Usually overwrites Intel's * default signing key. */ So, this isn't a one-liner. *But*, it tells us what "le" means, what "pubkey" means and implies that there need to be 4x64-bits worth of MSR writes to get to a SHA256 hash. It also tells what it's usually doing here: overwriting Intel's blasted hash. It sure beats the entirely uncommented for loop that we've got today.
