From: Richard Hughes
Date: Fri, 19 Jun 2020 14:31:11 +0100
Subject: Re: [PATCH] Ability to read the MKTME status from userspace
To: Borislav Petkov
Cc: Daniel Gutson, Dave Hansen, Thomas Gleixner, Ingo Molnar, x86@kernel.org, "H. Peter Anvin", Arnd Bergmann, Greg Kroah-Hartman, Peter Zijlstra, "David S. Miller", Rob Herring, Tony Luck, Rahul Tanwar, Xiaoyao Li, Sean Christopherson, Dave Hansen, linux-kernel
In-Reply-To: <20200619132243.GC32683@zn.tnic>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 19 Jun 2020 at 14:22, Borislav Petkov wrote:
> And how is the user going to know from your "module"? AFAICT, your
> module loads on any system - not only on ones which have MKTME in CPUID.

I maintain fwupd, which would be one consumer of this information. At
the moment we already look at the CPUID for the TME flag, which
successfully recognises CPU systems which support the feature. What we
don't know is if the firmware platform has disabled the MKTME feature.
Ideally we would export two things:

1. that the CPU supports TME (->cpuid, already done)
2. that the platform has not disabled TME in some way

The only way we have at the moment to see if TME is supported on the
platform (rather than just the CPU) is by grepping the entire systemd
journal at boot time, grepping for the "x86/tme: enabled by BIOS"
string. With a securityfs/sysfs/procfs file we don't have to do this
expensive operation for reading one tiny bit of data.

Richard
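The two signals described in the message above, combined into one verdict. This is an added example, not code from fwupd, the kernel, or the patch under discussion; the function names, the `tme_state` enum and the sample log buffers are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID.(EAX=7,ECX=0):ECX bit 13 advertises TME support on the CPU. */
#define CPUID7_ECX_TME (1u << 13)
/* Kernel log string quoted in the message above. */
#define TME_LOG_MARKER "x86/tme: enabled by BIOS"

enum tme_state { TME_NO_CPU_SUPPORT, TME_PLATFORM_UNKNOWN, TME_PLATFORM_ENABLED };

/* Signal 1: the CPU reports the TME feature bit. */
static int cpu_has_tme(uint32_t leaf7_ecx)
{
    return (leaf7_ecx & CPUID7_ECX_TME) != 0;
}

/* Signal 2: the boot log contains the exact marker line. */
static int log_says_tme_enabled(const char *log)
{
    return log != NULL && strstr(log, TME_LOG_MARKER) != NULL;
}

static enum tme_state tme_classify(uint32_t leaf7_ecx, const char *log)
{
    if (!cpu_has_tme(leaf7_ecx))
        return TME_NO_CPU_SUPPORT;
    /* A missing marker is not proof of "disabled": the ring buffer or
     * journal may have rotated, so report UNKNOWN rather than guessing. */
    return log_says_tme_enabled(log) ? TME_PLATFORM_ENABLED : TME_PLATFORM_UNKNOWN;
}

/* Constructed sample logs (assumed format, not captured from a real boot). */
static const char SAMPLE_LOG_ON[] =
    "[    0.000000] Linux version (constructed sample)\n"
    "[    0.000000] x86/tme: enabled by BIOS\n";
static const char SAMPLE_LOG_OFF[] =
    "[    0.000000] Linux version (constructed sample)\n"
    "[    0.000000] x86/tme: not enabled by BIOS\n";

int main(void)
{
    unsigned int a = 0, b = 0, c = 0, d = 0;
#if defined(__x86_64__) || defined(__i386__)
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d))
        c = 0; /* leaf 7 not available on this CPU */
#endif
    printf("this CPU, sample enabled log: %d\n", tme_classify(c, SAMPLE_LOG_ON));
    printf("this CPU, sample other log:   %d\n", tme_classify(c, SAMPLE_LOG_OFF));
    return 0;
}
```

The `TME_PLATFORM_UNKNOWN` result is the gap the message describes: without a dedicated securityfs/sysfs/procfs file, a consumer cannot distinguish "disabled by firmware" from "log line no longer available".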