On Wed, May 18, 2022 at 12:53 AM Borislav Petkov <bp@xxxxxxxxx> wrote: > > On Mon, May 16, 2022 at 09:39:06AM +0100, Richard Hughes wrote: > > This is still something consumers need; at the moment users have no > > idea if data is *actually* being encrypted. > > As it was already pointed out - that's in /proc/cpuinfo. For TME you still need to compare it against the EFI memory map as there are exclusion ranges for things like persistent memory. Given that persistent memory can be forced into volatile "System RAM" operation by various command line options and driver overrides, you need to at least trim the assumptions of what is encrypted to the default "conventional memory" conveyed by platform firmware / BIOS.
