From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C06CC433F5 for ; Fri, 6 May 2022 12:44:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 407DE6B0072; Fri, 6 May 2022 08:44:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3B6F56B0073; Fri, 6 May 2022 08:44:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 257206B0074; Fri, 6 May 2022 08:44:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 13A0E6B0072 for ; Fri, 6 May 2022 08:44:40 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay11.hostedemail.com (Postfix) with ESMTP id D735980D9C for ; Fri, 6 May 2022 12:44:39 +0000 (UTC) X-FDA: 79435287078.01.FCC79D6 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by imf29.hostedemail.com (Postfix) with ESMTP id C310712007E for ; Fri, 6 May 2022 12:44:29 +0000 (UTC) Received: from zn.tnic (p5de8eeb4.dip0.t-ipconnect.de [93.232.238.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 4FC151EC0535; Fri, 6 May 2022 14:44:29 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1651841069; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=w5a6VyPh1Kscuhtqek949cERiqs3llXbkMpRPLQU5xk=; b=dpv0sfJ5xO11IrTCW6v14olvNOOwGrPsTwhjEfGvy52/IQq+4XMU7KoitZrS39tyViUorp OR+MmdaGZEgHm0e4Ni5J6+hp0htSwMKucCTk81kI0MzRsJk0513S9YBDSBJAFM08racC6c eEYzCqDeC8PmWbUkGHxbSx/eOo6xEks= Date: Fri, 6 May 2022 14:44:28 +0200 From: Borislav Petkov To: Martin Fernandez Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-mm@kvack.org, tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, ardb@kernel.org, dvhart@infradead.org, andy@infradead.org, gregkh@linuxfoundation.org, rafael@kernel.org, rppt@kernel.org, akpm@linux-foundation.org, daniel.gutson@eclypsium.com, hughsient@gmail.com, alex.bazhaniuk@eclypsium.com, alison.schofield@intel.com, keescook@chromium.org Subject: Re: [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption Message-ID: References: <20220429201717.1946178-1-martin.fernandez@eclypsium.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: C310712007E Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=alien8.de header.s=dkim header.b=dpv0sfJ5; spf=pass (imf29.hostedemail.com: domain of bp@alien8.de designates 5.9.137.197 as permitted sender) smtp.mailfrom=bp@alien8.de; dmarc=pass (policy=none) header.from=alien8.de X-Rspam-User: X-Stat-Signature: jhz68d41duyma59jdrzxytjz8e1ga9rx X-HE-Tag: 1651841069-217352 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, May 04, 2022 at 02:18:30PM -0300, Martin Fernandez wrote: > The use case is to know if a user is using hardware encryption or > not. This new sysfs file plus knowing if tme/sev is active you can be > pretty sure about that. Then please explain it in detail and in the text so that it is clear. As it is now, the reader is left wondering what that file is supposed to state. > Dave Hansen pointed those out in a previuos patch serie, here is the > quote: > > > CXL devices will have normal RAM on them, be exposed as "System RAM" and > > they won't have encryption capabilities. I think these devices were > > probably the main motivation for EFI_MEMORY_CPU_CRYPTO. So this would mean that if a system doesn't have CXL devices and has TME/SME/SEV-* enabled, then it is running with encrypted memory. Which would then also mean, you don't need any of that code - you only need to enumerate CXL devices which, it seems, do not support memory encryption, and then state that memory encryption is enabled on the whole system, except for the memory of those devices. I.e., $ dmesg | grep -i SME [ 1.783650] AMD Memory Encryption Features active: SME Done - memory is encrypted on the whole system. We could export it into /proc/cpuinfo so that you don't have to grep dmesg and problem solved. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette