From: Richard Hughes
Date: Mon, 16 May 2022 09:39:06 +0100
Subject: Re: [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption
To: Boris Petkov
Cc: Dave Hansen, Dan Williams, Martin Fernandez, Linux Kernel Mailing List, linux-efi, platform-driver-x86@vger.kernel.org, Linux MM, "H. Peter Anvin", daniel.gutson@eclypsium.com, Darren Hart, Andy Shevchenko, Kees Cook, Andrew Morton, Ard Biesheuvel, Ingo Molnar, Thomas Gleixner, Dave Hansen, "Rafael J. Wysocki", X86 ML, "Schofield, Alison", alex.bazhaniuk@eclypsium.com, Greg KH, Mike Rapoport, Ben Widawsky, "Huang, Kai"
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 6 May 2022 at 20:02, Boris Petkov wrote:
> Remember - this all started with "i wanna say that mem enc is active" and now we're so far deep down the rabbit hole...

This is still something consumers need; at the moment users have no idea if data is *actually* being encrypted. I think Martin has done an admirable job going down the rabbit hole to add this functionality in the proper manner -- so it's actually accurate and useful for other use cases to that of fwupd.

At the moment my professional advice to people asking about Intel memory encryption is to assume there is none, as there's no way of verifying that it's actually enabled and working. This is certainly a shame for something so promising, touted as an enterprise security feature.

Richard