Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Borislav Petkov <bp@xxxxxxxxx>, Martin Fernandez <martin.fernandez@xxxxxxxxxxxxx>
Subject: Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Thu, 27 Oct 2022 08:21:02 -0700
Cc: linux-kernel@xxxxxxxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx, platform-driver-x86@xxxxxxxxxxxxxxx, linux-mm@xxxxxxxxx, kunit-dev@xxxxxxxxxxxxxxxx, linux-kselftest@xxxxxxxxxxxxxxx, tglx@xxxxxxxxxxxxx, mingo@xxxxxxxxxx, dave.hansen@xxxxxxxxxxxxxxx, x86@xxxxxxxxxx, hpa@xxxxxxxxx, ardb@xxxxxxxxxx, dvhart@xxxxxxxxxxxxx, andy@xxxxxxxxxxxxx, gregkh@xxxxxxxxxxxxxxxxxxx, rafael@xxxxxxxxxx, rppt@xxxxxxxxxx, akpm@xxxxxxxxxxxxxxxxxxxx, daniel.gutson@xxxxxxxxxxxxx, hughsient@xxxxxxxxx, alex.bazhaniuk@xxxxxxxxxxxxx, alison.schofield@xxxxxxxxx, keescook@xxxxxxxxxxxx
In-reply-to: <Y1pH/DuYJeo7Kyo5@zn.tnic>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2

On 10/27/22 01:57, Borislav Petkov wrote:
> Well, I still think this is not going to work in all cases. SME/TME can
> be enabled but the kernel can go - and for whatever reason - map a bunch
> of memory unencrypted.

For TME on Intel systems, there's no way to make it unencrypted.  The
memory controller is doing all the encryption behind the back of the OS
and even devices that are doing DMA.  Nothing outside of the memory
controller really knows or cares that encryption is happening.

Follow-Ups:
- Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
  - From: Borislav Petkov

References:
- [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
  - From: Martin Fernandez
- Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
  - From: Borislav Petkov
- Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
  - From: Martin Fernandez
- Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
  - From: Borislav Petkov

Prev by Date: Re: [PATCH v3 14/15] iommufd: vfio container FD ioctl compatibility
Next by Date: Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
Previous by thread: Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
Next by thread: Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
Index(es):
- Date
- Thread

[Index of Archives] [Linux Wireless] [Linux Kernel] [ATH6KL] [Linux Bluetooth] [Linux Netdev] [Kernel Newbies] [Share Photos] [IDE] [Security] [Git] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Linux ATA RAID] [Samba] [Device Mapper]