> So then why on earth is the kernel implementing automatic updates? I read back
> through most of the cover letters, and IIUC, we went straight from "destroy all
> enclaves and force an update" to "blindly try to do EUPDATESVN every time the
> number of enclaves goes from 0=>1". Those are essentially the two most extreme
> options.
>
> Even worse, rejecting enclave creation on EUPDATESVN failure represents an ABI
> change, i.e. could break existing setups.
>
> Why not simply add an ioctl() or sysfs knob to let userspace trigger
> EUPDATESVN?

Just for the record, this was my initial proposal on how to do this :)
So, I personally agree with this line of thinking fully.

Best Regards,
Elena.