References: <20220704135833.1496303-1-martin.fernandez@eclypsium.com> <20220704135833.1496303-10-martin.fernandez@eclypsium.com>
From: Martin Fernandez
Date: Tue, 5 Jul 2022 14:35:18 -0300
Subject: Re: [PATCH v9 9/9] drivers/node: Show in sysfs node's crypto capabilities
To: Greg KH
Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
 platform-driver-x86@vger.kernel.org, linux-mm@kvack.org,
 kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org,
 tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
 dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
 ardb@kernel.org, dvhart@infradead.org, andy@infradead.org,
 rafael@kernel.org, rppt@kernel.org, akpm@linux-foundation.org,
 daniel.gutson@eclypsium.com, hughsient@gmail.com,
 alex.bazhaniuk@eclypsium.com, alison.schofield@intel.com,
 keescook@chromium.org

On 7/4/22, Greg KH wrote:
> On Mon, Jul 04, 2022 at 10:58:33AM -0300, Martin Fernandez wrote:
>> Show in each node in sysfs if its memory is able to be encrypted by
>> the CPU; on EFI systems: if all its memory is marked with
>> EFI_MEMORY_CPU_CRYPTO in the EFI memory map.
>>
>> Signed-off-by: Martin Fernandez
>> ---
>> Documentation/ABI/testing/sysfs-devices-node | 10 ++++++++++
>> drivers/base/node.c | 10 ++++++++++
>> 2 files changed, 20 insertions(+)
>> create mode 100644 Documentation/ABI/testing/sysfs-devices-node
>>
>> diff --git a/Documentation/ABI/testing/sysfs-devices-node
>> b/Documentation/ABI/testing/sysfs-devices-node
>> new file mode 100644
>> index 000000000000..0e95420bd7c5
>> --- /dev/null
>> +++ b/Documentation/ABI/testing/sysfs-devices-node
>> @@ -0,0 +1,10 @@
>> +What: /sys/devices/system/node/nodeX/crypto_capable
>> +Date: April 2022
>> +Contact: Martin Fernandez
>> +Users: fwupd (https://fwupd.org)
>> +Description:
>> + This value is 1 if all system memory in this node is
>> + capable of being protected with the CPU's memory
>> + cryptographic capabilities. It is 0 otherwise.
>> + On EFI systems the node will be marked with
>> + EFI_MEMORY_CPU_CRYPTO.
>
> Where will such a node be "marked"? I do not understand this last
> sentence, sorry, can you please reword this?

What I meant is that if all the memory regions in a given node are
flagged with EFI_MEMORY_CPU_CRYPTO then that file will hold a 1.

Maybe it's a little confusing if you don't know what
EFI_MEMORY_CPU_CRYPTO is.

> And why is EFI an issue here at all?

Checking for EFI_MEMORY_CPU_CRYPTO is the way to know if a memory
region is able to be encrypted by the CPU on EFI platforms. It's not
really an issue and it's currently the only implementation for this
file.

Is it clearer here?

  This value is 1 if the memory in this node is capable of being
  protected with the CPU's memory cryptographic capabilities. It is 0
  otherwise. On EFI systems this means that all the memory regions of
  the node have the EFI_MEMORY_CPU_CRYPTO attribute set.

> thanks,
>
> greg k-h
>
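
Review bot: The last sentence of the Description ("On EFI systems the node will be marked with EFI_MEMORY_CPU_CRYPTO.") attributes the flag to the node, while the commit message describes it as a property of the node's memory in the EFI memory map. Suggest wording it in terms of regions, for example that the value is 1 only when every memory region of the node has the attribute set. The entry also has no KernelVersion field, and since the text says "capable of being protected", it would help readers of this ABI to state explicitly that a 1 does not indicate that encryption is currently in use.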
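
A consumer-side check of the attribute discussed in this thread, as an added example that is not part of the patch or of fwupd: it reads `crypto_capable` for every node and fails closed when the file is absent, as on a kernel without this series. The function name, return codes and output format are assumptions; the default path is the one from the proposed ABI text.

```shell
#!/bin/sh
# Added example: audit the per-node crypto_capable attribute proposed in the patch.
# A value of 1 means the node's memory is capable of CPU encryption, not that
# encryption is enabled.

# check_crypto_capable [ROOT]   (hypothetical helper name)
# ROOT defaults to the sysfs path from the ABI text; pass another directory
# to run against a constructed tree.
# Prints one line per NUMA node and returns:
#   0  every node reports 1
#   1  at least one node reports 0
#   2  no nodes found, or a node lacks the attribute or holds an unexpected value
check_crypto_capable() {
    root=${1:-/sys/devices/system/node}
    rc=0
    seen=0
    for dir in "$root"/node[0-9]*; do
        [ -d "$dir" ] || continue
        seen=1
        node=${dir##*/}
        file=$dir/crypto_capable
        if [ ! -r "$file" ]; then
            # Kernel without the attribute: report unknown, never "capable".
            echo "$node: unknown (attribute not present)"
            rc=2
            continue
        fi
        value=$(cat "$file")
        case $value in
            1) echo "$node: capable" ;;
            0) echo "$node: not capable"
               # Keep the "unknown" status if an earlier node already set it.
               [ "$rc" -eq 2 ] || rc=1 ;;
            *) echo "$node: unknown (unexpected value '$value')"
               rc=2 ;;
        esac
    done
    [ "$seen" -eq 1 ] || { echo "no NUMA nodes under $root"; return 2; }
    return "$rc"
}

# Usage: check_crypto_capable; echo "status: $?"
```
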