Re: [PATCH v2 0/5] [RFC] x86: Export information about hardware memory encryption to sysfs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/28/21 11:10 AM, Borislav Petkov wrote:
>> and even if it is activated you will need to be sure that you are
>> storing your data in a region flagged with this new attribute.
> Can you have a system where some of the memory is crypto-capable and
> some of it is not? I've never heard about such a system. At least, on
> AMD SME, all your memory gets encrypted...

Yes, unfortunately.

As an example, an Intel system with TME support will *not* encrypt data
going to Optane (aka. pmem).  That pmem might be online and being used
by the kernel as normal RAM with my fancy "kmem" DAX driver.

CXL devices will have normal RAM on them, be exposed as "System RAM" and
they won't have encryption capabilities.  I think these devices were
probably the main motivation for EFI_MEMORY_CPU_CRYPTO.



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux