On Wed, 19 Jun 2019, Jarkko Sakkinen wrote: > Can LSM callbacks ever non-generic when it comes to hardware? This is > the very first time I ever see such callbacks being introduced. > > I suspect that from maintainers perspective, accepting such changes for > Intel hardware, could open a pandoras box. If there's a major distro/userbase committing to ship with these hooks enabled via a supported in-tree LSM, the case for inclusion is clear. If the hooks could be generalized beyond just SGX, that would be ideal, but it's not clear if that's feasible. -- James Morris <jmorris@xxxxxxxxx>
