From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9DDF9C433F5
	for <linux-mm@archiver.kernel.org>; Wed,  8 Dec 2021 14:06:13 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 086846B0072; Wed,  8 Dec 2021 09:06:03 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 036FA6B0073; Wed,  8 Dec 2021 09:06:02 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E3F926B0074; Wed,  8 Dec 2021 09:06:02 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (relay033.a.hostedemail.com [64.99.140.33])
	by kanga.kvack.org (Postfix) with ESMTP id D0E186B0072
	for <linux-mm@kvack.org>; Wed,  8 Dec 2021 09:06:02 -0500 (EST)
Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id 8FB4B2222C
	for <linux-mm@kvack.org>; Wed,  8 Dec 2021 14:05:52 +0000 (UTC)
X-FDA: 78894800544.01.A428432
Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com [209.85.208.178])
	by imf19.hostedemail.com (Postfix) with ESMTP id 1CD91B0000A2
	for <linux-mm@kvack.org>; Wed,  8 Dec 2021 14:05:49 +0000 (UTC)
Received: by mail-lj1-f178.google.com with SMTP id bn20so4030681ljb.8
        for <linux-mm@kvack.org>; Wed, 08 Dec 2021 06:05:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=rCf0zyvgJUgHg9QQB25FrOzOLqjtx+dGIHtF5AhWskA=;
        b=Gay56VR7oXKZ61yYW2z5K9QvoVrW8L89rA0ixltHr5LjGbLNoA7io0bF8zKsp4DmjP
         jQs7eK//M3hBdOAKMU5QrWIjUIsILYd3JOHIqsakVpSG02LOm3AoE7wG9SuqPFHl2lMW
         XA/SbblXvb53io8vSasL5T1gXSlD7jefkWrMRwM0vTwc+0SjvFUNg4xmGBUpq1p2xwql
         153GBe2uYprCMRfnaX5osln0KFPbNiqxvfE5cXxvIRrRAgO3wQ/yIB53bmDyFmz6Cqhu
         EhXnwiithZcIGYmOupnyy2O57ghT5wCGXPYxGpZmZt5ZFh1VXjBjDI6pCEouXVbUFC2E
         ocOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=rCf0zyvgJUgHg9QQB25FrOzOLqjtx+dGIHtF5AhWskA=;
        b=bEUihAy4EKBLEDlsNnY1JTRpmjkIt+dW9+U/mhMz6CuZMQAfn0cRjLHvEVf/nyNOZJ
         bIkEIKyTYmjPCugQVIAAcP3dL212MuNRdYllMa3qZyvNeFHjhdTBp2oQGZomed7VXZDq
         tVjRDP8a9nVzmM+s8HJSc3uItG6kLxNuGAcXnV5LbAde6Ze7jQfpGkBTOUa8gaonXd9j
         apc30ZGALmVeN44JLCH6A4Qt7vEMH0mPDt2rzMYujuKNLJY57W4venzYqbnvt5OOkDqU
         UrU7g/OsEn8ZPVA5iu23gf2udB+K58rX5DJF1a/wfPjTEsIV+ntoaNxbwExQ+6XOCU8B
         h+DA==
X-Gm-Message-State: AOAM533U9oMINeXrK+BHL6xSK3hRdfZXFYcdiEmjULbHvv0tyz+rGu3X
	y0dqikxOLqDv11FRVZHg3599bLJVVMW1zBP+Gos=
X-Google-Smtp-Source: ABdhPJys22p+Nc7f14LfW5nZDfZN5sz0n/uzhuiDoDWANW0u5aCKvBxr4DDNPOGZvcC51LciLgu2KkgeaVdwfkOPZ0M=
X-Received: by 2002:a2e:bb98:: with SMTP id y24mr47069192lje.315.1638972348282;
 Wed, 08 Dec 2021 06:05:48 -0800 (PST)
MIME-Version: 1.0
References: <20211203192148.585399-1-martin.fernandez@eclypsium.com>
 <YaxWXACBguZxWmKS@kernel.org> <CAD2FfiG9wfeW_2xxZqBi9vsjzEJBRjJUZw+AQy1Taos4fh2TLA@mail.gmail.com>
 <Ya8MUOKPOKVfBfjJ@kernel.org>
In-Reply-To: <Ya8MUOKPOKVfBfjJ@kernel.org>
From: Richard Hughes <hughsient@gmail.com>
Date: Wed, 8 Dec 2021 14:05:36 +0000
Message-ID: <CAD2FfiEkn7dXPpCAaMdh5w8p3gXWzNABzd-nhwdTEd_AOZ7vnw@mail.gmail.com>
Subject: Re: [PATCH v3 0/5] x86: Show in sysfs if a memory node is able to do encryption
To: Mike Rapoport <rppt@kernel.org>
Cc: Martin Fernandez <martin.fernandez@eclypsium.com>, linux-kernel@vger.kernel.org, 
	linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, 
	linux-mm@kvack.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, 
	dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, ardb@kernel.org, 
	dvhart@infradead.org, andy@infradead.org, gregkh@linuxfoundation.org, 
	rafael@kernel.org, akpm@linux-foundation.org, daniel.gutson@eclypsium.com, 
	alex.bazhaniuk@eclypsium.com, alison.schofield@intel.com
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 1CD91B0000A2
Authentication-Results: imf19.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=Gay56VR7;
	spf=pass (imf19.hostedemail.com: domain of hughsient@gmail.com designates 209.85.208.178 as permitted sender) smtp.mailfrom=hughsient@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
X-Rspamd-Server: rspam04
X-Stat-Signature: 6o4tximma5aeqaghjn5a5hubtarj7byi
X-HE-Tag: 1638972349-137092
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, 7 Dec 2021 at 07:25, Mike Rapoport <rppt@kernel.org> wrote:
> Can you please describe the actual check for the memory encryption and how
> it would impact the HSI rating?

The problem HSI is trying to solve is that customers are buying
systems where the CPU supports memory encryption, where the
motherboard and dram controller support memory encryption and where
the vendor says it's supported. But in some cases it's not working,
either because the system firmware is not working properly, or some
component requires updating to enable the feature. We're found quite a
few cases where people assumed this was all working fine, but on
looking closer, finding out that it's not working at all. The higher
HSI rating would only be available where most of the system RAM is
encrypted, although we've not worked out a heuristic number for "good
enough" yet.

> I wonder, for example, why did you choose per-node reporting rather than
> per-region as described in UEFI spec.

I think Dave is better to answer this question.

Richard.