From: Martin Fernandez
Date: Thu, 13 Oct 2022 18:00:58 -0300
Subject: Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
To: Borislav Petkov
Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-mm@kvack.org, kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, ardb@kernel.org, dvhart@infradead.org, andy@infradead.org, gregkh@linuxfoundation.org, rafael@kernel.org, rppt@kernel.org, akpm@linux-foundation.org, daniel.gutson@eclypsium.com, hughsient@gmail.com, alex.bazhaniuk@eclypsium.com, alison.schofield@intel.com, keescook@chromium.org
References: <20220704135833.1496303-1-martin.fernandez@eclypsium.com>

On 10/13/22, Borislav Petkov wrote:
> On Mon, Jul 04, 2022 at 10:58:24AM -0300, Martin Fernandez wrote:
>> If all nodes are capable of encryption and if the system has tme/sme
>> on we can pretty confidently say that the device is actively
>> encrypting all its memory.
>
> Wait, what?
>
> If all memory is crypto capable and I boot with mem_encrypt=off, then
> the device is certainly not encrypting any memory.
>
> dhansen says TME cannot be controlled this way and if you turn it off in
> the BIOS, EFI_MEMORY_CPU_CRYPTO attr should not be set either.

That's bad, because it would be nice if that attribute only depended
on the hardware and not on some setting.

The plan of this patch was, as you mentioned, just to report
EFI_MEMORY_CPU_CRYPTO at a per-node level.

Now, I think I will need to check for tme/sme and only if those are
active then show the file in sysfs, otherwise not show it at all,
because it would be misleading. Any other idea?

> But that
> marking won't work on AMD.

You mean that EFI_MEMORY_CPU_CRYPTO means nothing on an AMD system?
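
Added example, not part of the original message or of the patch series: a user-space C sketch of the gating idea in the reply above, where a per-node EFI_MEMORY_CPU_CRYPTO result is only reported when TME/SME is active and is hidden otherwise. The struct, the function names, the sample memory map and the rule that a node counts as capable only if every one of its ranges carries the bit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Attribute bits as defined by the UEFI specification. */
#define EFI_MEMORY_WB         0x0000000000000008ULL
#define EFI_MEMORY_CPU_CRYPTO 0x0000000000080000ULL

/* Hypothetical, simplified view of one firmware memory range. */
struct mem_range {
    int node;           /* NUMA node that owns the range */
    uint64_t attribute; /* EFI attribute bits of the range */
};

enum node_report {
    REPORT_HIDDEN = -1, /* encryption inactive: expose nothing, a value would mislead */
    REPORT_NOT_CAPABLE = 0,
    REPORT_CAPABLE = 1,
};

/* Assumed rule: capable only if the node has memory and every range has the bit. */
static bool node_crypto_capable(const struct mem_range *r, size_t n, int node)
{
    bool seen = false;
    for (size_t i = 0; i < n; i++) {
        if (r[i].node != node)
            continue;
        seen = true;
        if (!(r[i].attribute & EFI_MEMORY_CPU_CRYPTO))
            return false;
    }
    return seen;
}

/* enc_active stands for "TME/SME is on"; how to detect that is outside this sketch. */
static enum node_report node_report(const struct mem_range *r, size_t n,
                                    int node, bool enc_active)
{
    if (!enc_active)
        return REPORT_HIDDEN;
    return node_crypto_capable(r, n, node) ? REPORT_CAPABLE : REPORT_NOT_CAPABLE;
}

/* Constructed sample map: node 0 fully capable, node 1 has one plain range. */
static const struct mem_range sample_map[] = {
    { 0, EFI_MEMORY_WB | EFI_MEMORY_CPU_CRYPTO },
    { 0, EFI_MEMORY_WB | EFI_MEMORY_CPU_CRYPTO },
    { 1, EFI_MEMORY_WB | EFI_MEMORY_CPU_CRYPTO },
    { 1, EFI_MEMORY_WB },
};
#define SAMPLE_RANGES (sizeof(sample_map) / sizeof(sample_map[0]))

int main(void)
{
    for (int node = 0; node < 2; node++)
        printf("node%d: on=%d off=%d\n", node,
               node_report(sample_map, SAMPLE_RANGES, node, true),
               node_report(sample_map, SAMPLE_RANGES, node, false));
    return 0;
}
```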