On Mon, Apr 06, 2020 at 02:01:38PM +0300, Topi Miettinen wrote:
> On 6.4.2020 9.42, Jethro Beekman wrote:
> > On 2020-04-04 09:27, Topi Miettinen wrote:
> > > Then initramfs should make a similar exception as with v86d and grant exec to /dev.
> >
> > I'm not sure this is a reasonable approach. Expect most devices with an Intel processor will have the SGX device going forward. Then, no one is using noexec, so why have this logic at all?
>
> Intel does not control the whole market yet, does AMD also offer SGX or
> similar? Will SGX be also available for consumer devices? Are distros going
> to enable SGX, will it benefit their users somehow?

It has a strong user base, yes. That's the whole reason for upstreaming it (like always). It has been available on all CPUs since Skylake.

/Jarkko