On 12/7/21, Mike Rapoport <rppt@xxxxxxxxxx> wrote: > Hi Richard, > > On Mon, Dec 06, 2021 at 07:58:10PM +0000, Richard Hughes wrote: >> On Sun, 5 Dec 2021 at 06:04, Mike Rapoport <rppt@xxxxxxxxxx> wrote: >> > On Fri, Dec 03, 2021 at 04:21:43PM -0300, Martin Fernandez wrote: >> > > fwupd project plans to use it as part of a check to see if the users >> > > have properly configured memory hardware encryption capabilities. >> > I'm missing a description about *how* the new APIs/ABIs are going to be >> > used. >> >> We're planning to use this feature in the Host Security ID checks done >> at every boot. Please see >> https://fwupd.github.io/libfwupdplugin/hsi.html for details. I'm happy >> to answer questions or concerns. Thanks! > > Can you please describe the actual check for the memory encryption and how > it would impact the HSI rating? > > I wonder, for example, why did you choose per-node reporting rather than > per-region as described in UEFI spec. Some time ago we discussed about this and concluded with Dave Hansen that it was better to do it in this per-node way. This is the archive of the relevant discussion: http://lkml.iu.edu/hypermail/linux/kernel/2006.2/06753.html
