From: Richard Hughes
Date: Mon, 16 May 2022 09:39:06 +0100
Subject: Re: [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption
To: Boris Petkov
Cc: Dave Hansen, Dan Williams, Martin Fernandez, Linux Kernel Mailing List, linux-efi, platform-driver-x86@vger.kernel.org, Linux MM, "H. Peter Anvin", daniel.gutson@eclypsium.com, Darren Hart, Andy Shevchenko, Kees Cook, Andrew Morton, Ard Biesheuvel, Ingo Molnar, Thomas Gleixner, Dave Hansen, "Rafael J. Wysocki", X86 ML, "Schofield, Alison", alex.bazhaniuk@eclypsium.com, Greg KH, Mike Rapoport, Ben Widawsky, "Huang, Kai"

On Fri, 6 May 2022 at 20:02, Boris Petkov wrote:
> Remember - this all started with "i wanna say that mem enc is active" and now we're so far deep down the rabbit hole...

This is still something consumers need; at the moment users have no idea if data is *actually* being encrypted. I think Martin has done an admirable job going down the rabbit hole to add this functionality in the proper manner -- so it's actually accurate and useful for other use cases to that of fwupd.

At the moment my professional advice to people asking about Intel memory encryption is to assume there is none, as there's no way of verifying that it's actually enabled and working. This is certainly a shame for something so promising, touted as an enterprise security feature.

Richard