On 2/4/22 10:28, Borislav Petkov wrote:
On Fri, Feb 04, 2022 at 10:23:22AM -0600, Limonciello, Mario wrote:
As there is interest in seeing these capabilities from userspace, it

This needs to be explained in a lot more detail: why, what is going to
use it, how, etc.
We don't do user-visible APIs just because.

As Tom agreed in a previous post, Boris is mistaken here. I just double
checked on my side on a workstation that supports SME and comparing
/proc/cpuinfo before and after SME is enabled via mem_encrypt=on. I
confirmed that nothing changed.

Then we should clear that "sme" flag if memory encryption is not
enabled. Like we do for all other flags.

If we do that, then this will have to be re-worked:
https://elixir.bootlin.com/linux/latest/source/arch/x86/kernel/process.c#L761

Thanks,
Tom