On Thu, Oct 28, 2021 at 11:28:57AM -0300, Martin Fernandez wrote:
> Userspace will just read these values and conclude (as it is right now)
> if your memory is able to do encryption.

And do what with that information?

> As I mentioned above, with the TME part, you will conclude if your
> memory is being encrypted or not, and if not, you can see why not.
> For example, if you have TME, you have it enabled but you have
> crypto_capable = 0 in your nodes, then you probably have an old BIOS
> that doesn't support UEFI 2.7, and that's why you don't have your
> memory flagged with EFI_MEMORY_CPU_CRYPTO. And then you can tell
> the user that maybe a BIOS update will fix that.

If it is all about dumping this new EFI_MEMORY_CPU_CRYPTO attribute for
each region, you can extend efi_print_memmap() and
efi_md_typeattr_format() to show that in dmesg and not add a bunch of
code to the kernel.

If you wanna query encryption status, we have flags in /proc/cpuinfo for
that and we can add more if needed.

The stress being on "if" because from all this intro text I cannot find
a single persuasive use case.

So what is the real-life use case?

Thx.

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette