Cathy,
On Wed, Mar 09 2022 at 18:40, Cathy Zhang wrote:
> Users hate reboots. This lets SGX enclaves attest to updated microcode
> without a reboot.
Users hate guesswork much more. And microcode updates without reboot are
guesswork because Intel fails to include information into the microcode
header which tells the kernel whether the update is safe to do on a
running system... Not your fault, but
> Today, many microcode updates _can_ be applied without a reboot.
> But users have strongly and specifically expressed a desire to
> perform *any* microcode update on a running system without a reboot.
That's wishful thinking. Any microcode update which changes features or
behaviour can result in inconsistent state of the kernel/system. That's
a fact and proliferating the fairy tale that *any* microcode update can
be done late is just a marketing terminological inexactitude.
Can we please stick to facts?
> This series implements the infrastructure needed to track and tear
> down bare-metal enclaves and then run EUPDATESVN. This is expected
> to be triggered by administrators via sysfs at some convenient time
> after a microcode update, probably by the microcode update tooling
> itself.
Tear down after a microcode update? This does not make any sense at all,
really. If the enclaves become inconsistent due to the microcode update
then you want to tear them down _before_ the microcode update, then
update the microcode, run EUPDATESVN and then bring them up again.
Just because it somehow works does not mean it's correct.
Thanks,
tglx
