[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <80578b72-cb6f-8da9-1043-b4055c75d7f6@intel.com>
Date: Fri, 19 Jun 2020 06:33:34 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Richard Hughes <hughsient@...il.com>
Cc: Daniel Gutson <daniel@...ypsium.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Peter Zijlstra <peterz@...radead.org>,
"David S. Miller" <davem@...emloft.net>,
Rob Herring <robh@...nel.org>, Tony Luck <tony.luck@...el.com>,
Rahul Tanwar <rahul.tanwar@...ux.intel.com>,
Xiaoyao Li <xiaoyao.li@...el.com>,
Sean Christopherson <sean.j.christopherson@...el.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Ability to read the MKTME status from userspace
On 6/19/20 6:25 AM, Richard Hughes wrote:
> On Fri, 19 Jun 2020 at 00:52, Dave Hansen <dave.hansen@...el.com> wrote:
>> It doesn't tell you if your data is encrypted.
> Sorry for the perhaps naive question, but I thought MKTME was
> essentially full physical memory encryption?
Nope.
It means there is some encryption available. But, it doesn't tell you
that your data is encrypted. There is persistent memory which isn't
protected by TME, or necessarily protected by MKTME. There can be
memory on accelerators attached by Compute Express Link which isn't
encrypted. There's even an entire bit in the UEFI memory map to tell
the OS which memory can be encrypted or not.
On top of that, the kernel can just swap data out to unencrypted storage.
So, I really wonder what folks want from this flag in the first place.
It really tells you _nothing_.
Powered by blists - more mailing lists