On 3/9/22 11:01, Thomas Gleixner wrote:
>> This series implements the infrastructure needed to track and tear
>> down bare-metal enclaves and then run EUPDATESVN. This is expected
>> to be triggered by administrators via sysfs at some convenient time
>> after a microcode update, probably by the microcode update tooling
>> itself.
>
> Tear down after a microcode update? This does not make any sense at all,
> really. If the enclaves become inconsistent due to the microcode update

I don't think there's anything that makes the enclaves inconsistent from
the microcode update itself.

Let's imagine an extreme (thankfully imaginary) case: SGX has been
totally broken by some attack. All running enclaves might have been
compromised. A magical microcode update comes and saves the day and
mitigates the attack.