Message-ID: <6758af9b-1110-ad5a-3961-e256d5c8d576@intel.com>
Date: Thu, 27 Oct 2022 08:21:02 -0700
Subject: Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption
To: Borislav Petkov, Martin Fernandez
Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
 platform-driver-x86@vger.kernel.org, linux-mm@kvack.org,
 kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org,
 tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com,
 x86@kernel.org, hpa@zytor.com, ardb@kernel.org, dvhart@infradead.org,
 andy@infradead.org, gregkh@linuxfoundation.org, rafael@kernel.org,
 rppt@kernel.org, akpm@linux-foundation.org, daniel.gutson@eclypsium.com,
 hughsient@gmail.com, alex.bazhaniuk@eclypsium.com,
 alison.schofield@intel.com, keescook@chromium.org
References: <20220704135833.1496303-1-martin.fernandez@eclypsium.com>
From: Dave Hansen
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/27/22 01:57, Borislav Petkov wrote:
> Well, I still think this is not going to work in all cases. SME/TME can
> be enabled but the kernel can go - and for whatever reason - map a bunch
> of memory unencrypted.

For TME on Intel systems, there's no way to make it unencrypted. The
memory controller is doing all the encryption behind the back of the OS
and even devices that are doing DMA. Nothing outside of the memory
controller really knows or cares that encryption is happening.