Re: [PATCH v5 11/11] intel_sgx: driver documentation

From: Borislav Petkov
Date: Tue Nov 21 2017 - 06:12:42 EST

On Tue, Nov 21, 2017 at 01:41:45AM +0200, Jarkko Sakkinen wrote:
> In potential deployments of SGX, the owner could do this either in the
> firmware level or OS level depending whether the MSRs are configured as
> writable in the feature control.
> One option would be to have a config flag to decide whether to require
> MSRs to be writable or not.

"potential", "would", "could" - all carefully formulated. :-)

Realistically, though, I'm afraid OEMs would jump on the opportunity to
control yet another arch aspect like wasps on honey. So having a way to
override what the firmware decided for me - without even asking me -
would be RealGood(tm).


