On Fri, 6 May 2022 at 20:02, Boris Petkov <bp@xxxxxxxxx> wrote: > Remember - this all started with "i wanna say that mem enc is active" and now we're so far deep down the rabbit hole... This is still something consumers need; at the moment users have no idea if data is *actually* being encrypted. I think Martin has done an admirable job going down the rabbit hole to add this functionality in the proper manner -- so it's actually accurate and useful for other use cases to that of fwupd. At the moment my professional advice to people asking about Intel memory encryption is to assume there is none, as there's no way of verifying that it's actually enabled and working. This is certainly a shame for something so promising, touted as an enterprise security feature. Richard
