On Mon, Sep 10, 2018 at 07:46:57PM -0700, Alison Schofield wrote: > On Mon, Sep 10, 2018 at 11:24:20AM -0700, Sakkinen, Jarkko wrote: > > On Fri, 2018-09-07 at 15:38 -0700, Alison Schofield wrote: > > > The kernel manages the MKTME (Multi-Key Total Memory Encryption) Keys > > > as a system wide single pool of keys. The hardware, however, manages > > > the keys on a per physical package basis. Each physical package > > > maintains a key table that all CPU's in that package share. > > > > > > In order to maintain the consistent, system wide view that the kernel > > > requires, program all physical packages during a key program request. > > > > > > Signed-off-by: Alison Schofield <alison.schofield@xxxxxxxxx> > > > > Just kind of checking that are you talking about multiple cores in > > a single package or really multiple packages? > > System wide pool. > System has multiple packages. > Packages have multiple CPU's. > > The hardware KEY TABLE is per package. I need that per package KEY TABLE > to be the same in every package across the system. So, I pick one 'lead' > CPU in each package to program that packages KEY TABLE. > > (BTW - I'm going to look into Kai's suggestion to move the system wide view > of this key programming into the key service. Not sure if that's a go.) Thanks. I think could be perhaps a fair addition to the documentation? /Jarkko
