Re: [PATCH 0/5] x86: Show in sysfs if a memory node is able to do encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/6/21 2:35 PM, Williams, Dan J wrote:
> On Fri, 2021-11-05 at 18:27 -0300, Martin Fernandez wrote:
>> Show for each node if every memory descriptor in that node has the
>> EFI_MEMORY_CPU_CRYPTO attribute.
> 
> The problem I have with EFI_MEMORY_CPU_CRYPTO is it that is vague what
> memory encryption technology is deployed and does not tell you anything
> about whether it is in effect or not.

Would this be better if it were more detailed than a binary 0/1 for
being crypto-capable?  We do some pretty detailed descriptions of things
like:

> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling

We could do something in this case like:

# cat /sys/devices/system/node/node0/crypto_capable
Yes, EFI CPU Crypto Capable, TME active




[Index of Archives]     [Linux Kernel Development]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux