On 10/28/21 7:28 AM, Martin Fernandez wrote: > Userspace will just read this values and conclude (as it is right now) > if your memory is able to do encryption. As I mentioned above, with > the TME part, you will conclude if your memory is being encrypted or > not, and if not, you can see why not. For example, if you have TME, > you have it enabled but you have crypto_capable = 0 in your nodes, > then you probably have an old BIOS that doesn't support UEFI 2.7, and > that's why you don't have your memory flagged with > EFI_MEMORY_CPU_CRYPTO. And then you can tell to the user that maybe a > BIOS update will fix that. > > That's what fwupd will try to do. Is it worth a new kernel ABI to give userspace a "maybe" signal? I'm leaning towards no.
