On Tue, Dec 07, 2021 at 11:52:54AM -0800, Dave Hansen wrote: > On 12/7/21 11:45 AM, Martin Fernandez wrote: > >> I wonder, for example, why did you choose per-node reporting rather than > >> per-region as described in UEFI spec. > > Some time ago we discussed about this and concluded with Dave Hansen > > that it was better to do it in this per-node way. > > Physical memory regions aren't exposed to userspace in any meaningful way. Well, we have /sys/firmware/memory that exposes e820... > An ABI that says "everything is encrypted" is pretty meaningless and > only useful for this one, special case. > > A per-node ABI is useful for this case and is also useful going forward > if folks want to target allocations from applications to NUMA nodes > which have encryption capabilities. The ABI in this set is useful for > the immediate case and is useful to other folks. I don't mind per-node ABI, I'm just concerned that having a small region without the encryption flag set will render the entire node "not encryptable". This may happen because a bug in firmware, a user that shoot themself in a leg with weird memmap= or some hidden gem in interaction between e820, EFI and memblock that we still didn't discover. I agree that per-node flag is useful, but maybe we should also have better granularity as well. -- Sincerely yours, Mike.
