From: Daniel Gutson
Date: Wed, 15 Jun 2022 17:26:23 -0300
Subject: Re: [PATCH] x86/cpuinfo: Clear X86_FEATURE_TME if TME/MKTME is disabled by BIOS
To: Alison Schofield
Cc: Richard Hughes, Martin Fernandez, linux-kernel, Borislav Petkov, Dave Hansen, x86@kernel.org, Ingo Molnar, Thomas Gleixner, Alex Bazhaniuk

On Wed, Jun 15, 2022 at 4:54 PM Alison Schofield wrote:
>
> On Wed, Jun 15, 2022 at 08:34:58PM +0100, Richard Hughes wrote:
> > On Wed, 15 Jun 2022 at 20:06, Alison Schofield
> > wrote:
> > > My first reaction is lying about the cpuinfo is not a soln, since
> > > it creates a problem for users currently relying on cpuinfo to be
> > > the source of truth for TME.
> >
> > I think you have to qualify "source of truth". At the moment the CPU
> > reports "Yes! I support TME!" and then for one reason or another the
> > platform turns it off and actually there's no memory encryption of
> > your secrets at all. There's seemingly no userspace way of telling if
> > TME is actually active. We were told that we shouldn't export the
> > "platform has disabled a CPU feature" in sysfs and just to clear the
> > cpuid flag that gets exported (like AMD is currently doing) which is
> > what Martin proposed here. Programs that want to know the true CPU
> > capability can do __get_cpuid_count() like they can for the SME/SEV
> > capabilities.
> >
> Disagree on sending folks to use __get_cpuid_count() when they already
> have cpuinfo.
>
> Why is a sysfs entry TME-enabled 0/1 a bad thing?

:))) This was my very first patch, and I got half of the community complaining.
It was so long ago that I don't recall everything, maybe Martín does?
or Richard?

> It can be documented
> to have the same meaning as the log message.
>
> You keep referring to AMD. How is their exception documented?
>
> Alison
>
> > > Are we to tell them to go look in the
> > > log now, because fwupd folks didn't want to ;)
> >
> > We're not telling anyone to use the log; grepping megabytes of
> > unformatted kernel logs is a terrible (and slow) way to get one
> > boolean value.
> >
> > Richard.
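
The two userspace views debated in this thread, side by side, as an added example that is not part of any message or of the proposed patch: the raw CPUID capability bit read with __get_cpuid_count() and the "tme" token in the /proc/cpuinfo flags line. The enum and the function names are hypothetical, and the "capable, flag cleared" reading assumes a kernel that clears the flag when firmware leaves TME off, as the patch in the subject line proposes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

enum tme_view { TME_ABSENT, TME_CAPABLE_FLAG_CLEARED, TME_FLAG_SET };

/* Raw capability: CPUID.(EAX=7,ECX=0):ECX bit 13. Not affected by the kernel clearing its flag. */
static bool cpu_advertises_tme(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        return (c >> 13) & 1u;
#endif
    return false;
}

/* Whole-token search in a cpuinfo "flags" line, so "tme" never matches inside another flag name. */
static bool flags_line_has(const char *line, const char *flag)
{
    const char *p = strchr(line, ':');
    size_t n = strlen(flag);
    for (p = p ? p + 1 : line; *p; ) {
        p += strspn(p, " \t\n");
        size_t len = strcspn(p, " \t\n");
        if (len == n && memcmp(p, flag, n) == 0)
            return true;
        p += len;
    }
    return false;
}

/* Assumption: the kernel clears the flag when firmware disabled TME. */
static enum tme_view classify(bool cpuid_bit, bool cpuinfo_flag)
{
    if (cpuinfo_flag) return TME_FLAG_SET;
    return cpuid_bit ? TME_CAPABLE_FLAG_CLEARED : TME_ABSENT;
}

int main(void)
{
    static const char *names[] = { "absent", "capable, flag cleared", "flag set" };
    char buf[8192];
    bool flag = false;
    FILE *f = fopen("/proc/cpuinfo", "r");
    while (f && fgets(buf, sizeof buf, f))
        if (strncmp(buf, "flags", 5) == 0) { flag = flags_line_has(buf, "tme"); break; }
    if (f) fclose(f);
    printf("TME: %s\n", names[classify(cpu_advertises_tme(), flag)]);
    return 0;
}
```

On a kernel without the flag-clearing behaviour, "flag set" only restates the CPUID capability and says nothing about whether memory encryption is active.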