On Wed, Mar 09, 2022 at 07:42:21AM -0800, Dave Hansen wrote:
> There's a little bit in the cover letter that _implies_ why EUPDATESVN
> isn't called during the actual microcode update:
>
> > This series implements the infrastructure needed to track and tear
> > down bare-metal enclaves and then run EUPDATESVN. This is expected
> > to be triggered by administrators via sysfs at some convenient time
> > after a microcode update, probably by the microcode update tooling
> > itself.
>
> This allows the (non-destructive) ucode update and the destructive
> EUPDATESVN procedure to happen at different times.

Which means that this has even less to do with the microcode loader.
That whole glue can be somewhere in arch/x86/...sgx/ land and be
completely independent.

> If we just want to make the ucode update itself call EUPDATESVN via
> microcode_check(), that makes the ucode update itself destructive to SGX
> enclaves. That's not the end of the world, but this series is going to
> some amount of trouble (including new ABI) to avoid it.
>
> Perhaps we need to hear more about why this is so much of an issue.

Yah, it all sounds weird.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette