Date: Thu, 27 Oct 2022 17:33:59 +0200
From: Borislav Petkov
To: Dave Hansen
Cc: Martin Fernandez, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
    platform-driver-x86@vger.kernel.org, linux-mm@kvack.org,
    kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org,
    tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com,
    x86@kernel.org, hpa@zytor.com, ardb@kernel.org, dvhart@infradead.org,
    andy@infradead.org, gregkh@linuxfoundation.org, rafael@kernel.org,
    rppt@kernel.org, akpm@linux-foundation.org, daniel.gutson@eclypsium.com,
    hughsient@gmail.com, alex.bazhaniuk@eclypsium.com,
    alison.schofield@intel.com, keescook@chromium.org
Subject: Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
References: <20220704135833.1496303-1-martin.fernandez@eclypsium.com> <6758af9b-1110-ad5a-3961-e256d5c8d576@intel.com>
In-Reply-To: <6758af9b-1110-ad5a-3961-e256d5c8d576@intel.com>

On Thu, Oct 27, 2022 at 08:21:02AM -0700, Dave Hansen wrote:
> On 10/27/22 01:57, Borislav Petkov wrote:
> > Well, I still think this is not going to work in all cases. SME/TME can
> > be enabled but the kernel can go - and for whatever reason - map a bunch
> > of memory unencrypted.
>
> For TME on Intel systems, there's no way to make it unencrypted. The
> memory controller is doing all the encryption behind the back of the OS
> and even devices that are doing DMA. Nothing outside of the memory
> controller really knows or cares that encryption is happening.

Ok, Tom just confirmed that AMD's TSME thing also encrypts all memory.

So I guess the code should check for TME or TSME. If those are set, then
you can assume that all memory is encrypted.

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette