On 11/6/21 2:35 PM, Williams, Dan J wrote: > On Fri, 2021-11-05 at 18:27 -0300, Martin Fernandez wrote: >> Show for each node if every memory descriptor in that node has the >> EFI_MEMORY_CPU_CRYPTO attribute. > > The problem I have with EFI_MEMORY_CPU_CRYPTO is it that is vague what > memory encryption technology is deployed and does not tell you anything > about whether it is in effect or not. Would this be better if it were more detailed than a binary 0/1 for being crypto-capable? We do some pretty detailed descriptions of things like: > # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 > Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling We could do something in this case like: # cat /sys/devices/system/node/node0/crypto_capable Yes, EFI CPU Crypto Capable, TME active
