Re: [PATCH v2 0/5] [RFC] x86: Export information about hardware memory encryption to sysfs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 28, 2021 at 11:28:57AM -0300, Martin Fernandez wrote:
> Userspace will just read this values and conclude (as it is right now)
> if your memory is able to do encryption.

And do what with that information?

> As I mentioned above, with the TME part, you will conclude if your
> memory is being encrypted or not, and if not, you can see why not.
> For example, if you have TME, you have it enabled but you have
> crypto_capable = 0 in your nodes, then you probably have an old BIOS
> that doesn't support UEFI 2.7, and that's why you don't have your
> memory flagged with EFI_MEMORY_CPU_CRYPTO. And then you can tell to
> the user that maybe a BIOS update will fix that.

If it is all about dumping this new EFI_MEMORY_CPU_CRYPTO
attribute for each region, you can extend efi_print_memmap() and
efi_md_typeattr_format() to show that in dmesg and not add a bunch of
code to the kernel.

If you wanna query encryption status, we have flags in /proc/cpuinfo for
that and we can add more if needed.

The stress being on "if" because from all this intro text I cannot find
a single persuasive use case.

So what is the real-life use case?

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux