On 10/28/21 10:39 AM, Martin Fernandez wrote: > On 10/28/21, Borislav Petkov <bp@xxxxxxxxx> wrote: >> Why cannot this be a userspace program, script, tool, whatever? > Because it's not convenient to parse dmesg. And about /proc/cpuinfo, > it tells you about TME, as a feature of the cpu but it doesn't tell > you if it is activated, and even if it is activated you will need to > be sure that you are storing your data in a region flagged with this > new attribute. > > Here we discussed about it some time ago: > http://lkml.iu.edu/hypermail/linux/kernel/2006.2/06753.html . That > comment is what triggered this patch. Martin, I don't think this interface makes any sense at all for something off of which to base firmware updates. It's just too noisy. That said, I *do* think we are going to need something similar to what you propose here because folks are going to want to target memory allocations to NUMA nodes that have encryption capabilities. But, I don't think what you've proposed here fits very well there. The ->cpu_local thing looks totally broken. It's entirely unclear what users are supposed to do when the crypto_capable file is not present.
