From: Richard Hughes
Date: Fri, 19 Jun 2020 14:37:38 +0100
Subject: Re: [PATCH] Ability to read the MKTME status from userspace
To: Dave Hansen
Cc: Daniel Gutson, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
    x86@kernel.org, "H. Peter Anvin", Arnd Bergmann, Greg Kroah-Hartman,
    Peter Zijlstra, "David S. Miller", Rob Herring, Tony Luck,
    Rahul Tanwar, Xiaoyao Li, Sean Christopherson, Dave Hansen,
    linux-kernel

On Fri, 19 Jun 2020 at 14:33, Dave Hansen wrote:
> On top of that, the kernel can just swap data out to unencrypted storage.

Right, but for the most part you'd agree that a machine with
functioning TME and encrypted swap partition is more secure than a
machine without TME?

> So, I really wonder what folks want from this flag in the first place.
> It really tells you _nothing_.

Can I use TME if the CPU supports it, but the platform has disabled it?
How do I know that my system is actually *using* the benefits the TME
feature provides?

Richard.