On Thu, Oct 28, 2021 at 11:28:57AM -0300, Martin Fernandez wrote:
> Userspace will just read this values and conclude (as it is right now)
> if your memory is able to do encryption.
And do what with that information?
> As I mentioned above, with the TME part, you will conclude if your
> memory is being encrypted or not, and if not, you can see why not.
> For example, if you have TME, you have it enabled but you have
> crypto_capable = 0 in your nodes, then you probably have an old BIOS
> that doesn't support UEFI 2.7, and that's why you don't have your
> memory flagged with EFI_MEMORY_CPU_CRYPTO. And then you can tell to
> the user that maybe a BIOS update will fix that.
If it is all about dumping this new EFI_MEMORY_CPU_CRYPTO
attribute for each region, you can extend efi_print_memmap() and
efi_md_typeattr_format() to show that in dmesg and not add a bunch of
code to the kernel.
If you wanna query encryption status, we have flags in /proc/cpuinfo for
that and we can add more if needed.
The stress being on "if" because from all this intro text I cannot find
a single persuasive use case.
So what is the real-life use case?
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
