Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp726063iob;
        Wed, 18 May 2022 11:31:42 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxZhEXyu/aQgnAy4vI/SWDRgdhoBmMdOO77c2+LSSm0MyAJO7fVxmZqxJK7t4xGacfKY3mt
X-Received: by 2002:a17:90b:4ac1:b0:1df:c71d:510c with SMTP id mh1-20020a17090b4ac100b001dfc71d510cmr1349624pjb.118.1652898702670;
        Wed, 18 May 2022 11:31:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1652898702; cv=none;
        d=google.com; s=arc-20160816;
        b=PEZUQSUa/86A/Xig9AkU36u7TeobQdCsDnzli3xwItL2G/CBT4H4G2BRsC9eHCI6VE
         Ia3jkqaHYNmAys4s8XFNsBNyz/sLr4bIgLGbLjBBOZUl46fomKEDp5LNtofYlJpyQkEg
         34KiYw4ph1Yiytp/QQMuBAaEhSQBjsZHaHzyUvYPY/M0NHxQMJCigcdy1zq1faY66iGh
         1LvXoY2oSFpC/zB2+jvpdybydjeryXifWgvixpbXLI4+0b1ybnOfO18MI8+OkOC9wuUK
         0zcKOP4vd+bf9vHZztNKjnzVoBxHDLuMofpD5kzD6ueTbs2Ht88rv4kdQaw/WIcqVM5G
         xS2w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=rs+hYjREIGQRrA6fYOwB+iDuVdssLJ9+QtiHFV7DjL0=;
        b=M47EUV4hAnV/Ymx9RPPFF8wApuyyEH/Ygk1L37jJvDQsvqm1d/YQaQPmOwFooTf2Og
         tY9+S+buCqzGRKkfC3YeFfV1KQCYlUzpDYLDDECmwO3GcS1xY8L+Zr47ys+uMZ6MWN2g
         ynTZJozn9G+Uz1N1PjNfM+fUHpxrC7RQQZ3qmDvSsl+rjSWrdglqDIyd6VBkz9xze2RS
         Jq6QCGpPWS3b04H75uENCNRDgQIuZv6szeQrYc5zCd3sbqWQ2cevVVz2du1hyqVS9C+2
         Y3UfNmUMFGdxbqPKvhnLpML/h73/dOkGQ258y8orIijs2yiApjj57k6W2lAYpyDkgZRS
         fvBA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel-com.20210112.gappssmtp.com header.s=20210112 header.b=56li6rLC;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id l19-20020a635713000000b003dbb0401e4bsi3465506pgb.62.2022.05.18.11.31.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 18 May 2022 11:31:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel-com.20210112.gappssmtp.com header.s=20210112 header.b=56li6rLC;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 021E9209551;
	Wed, 18 May 2022 11:29:12 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241390AbiERS3H (ORCPT <rfc822;recursive.nomad@gmail.com>
        + 99 others); Wed, 18 May 2022 14:29:07 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43728 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S241389AbiERS3C (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 18 May 2022 14:29:02 -0400
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C1024205241
        for <linux-kernel@vger.kernel.org>; Wed, 18 May 2022 11:29:00 -0700 (PDT)
Received: by mail-pg1-x52d.google.com with SMTP id a38so23767pgl.9
        for <linux-kernel@vger.kernel.org>; Wed, 18 May 2022 11:29:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=intel-com.20210112.gappssmtp.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=rs+hYjREIGQRrA6fYOwB+iDuVdssLJ9+QtiHFV7DjL0=;
        b=56li6rLC4mQzRo0A2kXqCOMihPnh37A1HauoHxo4CjJMMuRdOwMf25S0Gg0mhW4H1V
         9oOovgGOyX26iKhdSLr17ZDHUilwvfRWItX4kYjWxDcZeJLKtWZdFg1s7NiWZdD+GyVM
         KJttKiC4l1M5erBf0kwMAuhlpCYSJef4Ht1zQqWzfQh9U259WzwAbZy7OglBSEw1Kkt5
         I8zIKarbcikHCK0RFMumk20d6U4SinIwA/pHFrpQj3jVTbbDOPe4Z+fN1BJJD+DxEI+B
         O7cWYnGGR+LQ4+Smr495r3EMtIZ9/Hrn5EVFhO1s214IbW9ifIzL2RKvXS2XHrYOVgOA
         InyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=rs+hYjREIGQRrA6fYOwB+iDuVdssLJ9+QtiHFV7DjL0=;
        b=Oj3XBD01MWaL4w5+awgpQA0uIveY52GpqFJ640Y9qs8Div6lBtiZpPXuJMJHajvIL3
         IX2PHu6i1hivRdHiP/ruiGH7TlCELSnDA2GEhCYfw7wID24a6AVL9gOv5Y76WNlXgh91
         drSUobGdXo8QDvF5byr94TcdC30lYi0ttVjZTaIlSrSEGnf4cxs2rWpn4TLyvuSHhZTr
         jRXt5o0pbQWrHK1ZmQ2jj7kQCTGydTcm6RrNwTBJC9e5g0TClEW19GiHn9rRJ4bza3YG
         v8ia8MZjF5UGENEZVaEOWo5PJdOAcBTNnpex9/0eu9rxjRCH5Ys4rtDNvmN3I5zhmY2P
         JUVw==
X-Gm-Message-State: AOAM532EgD6KZpITCXy8rK3IYIgw9N31Qq8IL2tgzQtFXE3jT/yFJ8uR
        w4yPGWruk3rIRdzY3PsKkRrjgAtj7npzwYHARbNXBw==
X-Received: by 2002:a63:e648:0:b0:3f2:7ade:8f86 with SMTP id
 p8-20020a63e648000000b003f27ade8f86mr670271pgj.40.1652898540353; Wed, 18 May
 2022 11:29:00 -0700 (PDT)
MIME-Version: 1.0
References: <CAKgze5YDD02AsrF0yESv2sptZ4qxyTMgCDmnOKcbQWjKQsJRsw@mail.gmail.com>
 <YnUYLDjIThbIz/Uf@zn.tnic> <6d90c832-af4a-7ed6-4f72-dae08bb69c37@intel.com>
 <CAPcyv4i73m6iPPfJE9CBdxf-OWGXahvGqvh6G-pqVO=3LB6ktQ@mail.gmail.com>
 <47140A56-D3F8-4292-B355-5F92E3BA9F67@alien8.de> <6abea873-52a2-f506-b21b-4b567bee1874@intel.com>
 <FDABC5C8-B80A-4977-9F97-5A8FC47F69D6@alien8.de> <4bc56567-e2ce-40ec-19ab-349c8de8d969@intel.com>
 <CE52D65A-C9F4-408D-B18A-72D87495A433@alien8.de> <CAD2FfiHe3hCSNHEA0mSWPbH4LEWhj+FgxkhO83U1GgYEJR6wrw@mail.gmail.com>
 <YoSlzqSGLrQ+jdnD@zn.tnic>
In-Reply-To: <YoSlzqSGLrQ+jdnD@zn.tnic>
From:   Dan Williams <dan.j.williams@intel.com>
Date:   Wed, 18 May 2022 11:28:49 -0700
Message-ID: <CAPcyv4jv52nv=Q=gm783ysU8D56iHzh9-UJrqqkgUve0f_kyZw@mail.gmail.com>
Subject: Re: [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption
To:     Borislav Petkov <bp@alien8.de>
Cc:     Richard Hughes <hughsient@gmail.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Martin Fernandez <martin.fernandez@eclypsium.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-efi <linux-efi@vger.kernel.org>,
        platform-driver-x86@vger.kernel.org, Linux MM <linux-mm@kvack.org>,
        "H. Peter Anvin" <hpa@zytor.com>, daniel.gutson@eclypsium.com,
        Darren Hart <dvhart@infradead.org>,
        Andy Shevchenko <andy@infradead.org>,
        Kees Cook <keescook@chromium.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Ard Biesheuvel <ardb@kernel.org>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        "Rafael J. Wysocki" <rafael@kernel.org>, X86 ML <x86@kernel.org>,
        "Schofield, Alison" <alison.schofield@intel.com>,
        alex.bazhaniuk@eclypsium.com, Greg KH <gregkh@linuxfoundation.org>,
        Mike Rapoport <rppt@kernel.org>,
        Ben Widawsky <ben.widawsky@intel.com>,
        "Huang, Kai" <kai.huang@intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE,
	SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 18, 2022 at 12:53 AM Borislav Petkov <bp@alien8.de> wrote:
>
> On Mon, May 16, 2022 at 09:39:06AM +0100, Richard Hughes wrote:
> > This is still something consumers need; at the moment users have no
> > idea if data is *actually* being encrypted.
>
> As it was already pointed out - that's in /proc/cpuinfo.

For TME you still need to compare it against the EFI memory map as
there are exclusion ranges for things like persistent memory. Given
that persistent memory can be forced into volatile "System RAM"
operation by various command line options and driver overrides, you
need to at least trim the assumptions of what is encrypted to the
default "conventional memory" conveyed by platform firmware / BIOS.