From: Dave Hansen <dave.hansen@intel.com>
To: Richard Hughes <hughsient@gmail.com>
Cc: Daniel Gutson <daniel@eclypsium.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Peter Zijlstra <peterz@infradead.org>,
"David S. Miller" <davem@davemloft.net>,
Rob Herring <robh@kernel.org>, Tony Luck <tony.luck@intel.com>,
Rahul Tanwar <rahul.tanwar@linux.intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
Sean Christopherson <sean.j.christopherson@intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Ability to read the MKTME status from userspace
Date: Fri, 19 Jun 2020 07:23:40 -0700 [thread overview]
Message-ID: <3d454068-fd4e-4399-4bf5-2d010bb2ba7d@intel.com> (raw)
In-Reply-To: <CAD2FfiHCi2MfShGWaYWk_GcXW4xVr6chsLPZs78OJE+2_GErVg@mail.gmail.com>
On 6/19/20 7:09 AM, Richard Hughes wrote:
> On Fri, 19 Jun 2020 at 14:58, Dave Hansen <dave.hansen@intel.com> wrote:
>>> Right, but for the most part you'd agree that a machine with
>>> functioning TME and encrypted swap partition is more secure than a
>>> machine without TME?
>>
>> Nope. There might be zero memory connected to the memory controller
>> that supports TME.
>
> So you're saying that a machine with TME available and enabled is not
> considered more secure than a machine without TME?
Yes, it is not necessarily more secure.
> What I want to do is have a sliding scale of TME not available < TME
> available but disabled < TME available and enabled < TME available,
> enabled and being used. The extra nugget of data gets me from state 2
> to state 3.
I'd assert that availability tells you nothing if you don't pair it with
use.
Last night, I asked my kids if they brushed their teeth. They said:
"Dad, my toothbrush was available." They argued that mere availability
was a better situation than not *having* a toothbrush. They were
logically right, of course, but they still got cavities.
>>> Can I use TME if the CPU supports it, but the platform has disabled
>>> it? How do I know that my system is actually *using* the benefits the
>>> TME feature provides?
>>
>> You must have a system with UEFI 2.8, ensure TME is enabled, then make
>> sure the OS parses EFI_MEMORY_CPU_CRYPTO, then ensure you request that
>> you data be placed in a region marked with EFI_MEMORY_CPU_CRYPTO, and
>> that it be *kept* there (hint: NUMA APIs don't do this).
>
> So my take-away from that is that it's currently impossible to
> actually say if your system is *actually* using TME.
Not in a generic way, and it can't be derived from cpuid or MSRs alone.
Let's say I'm buying a fleet of servers. I know I'm buying some fancy
Xeon with TME, I know I'm only using DRAM for storing user data, and I
don't have any accelerators around. I control and enforce my BIOS
settings. I'm pretty sure I'm using TME, but I didn't become sure from
poking at sysfs.
next prev parent reply other threads:[~2020-06-19 14:23 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-18 21:02 [PATCH] Ability to read the MKTME status from userspace Daniel Gutson
2020-06-18 21:08 ` Dave Hansen
[not found] ` <CAFmMkTHNxSN_uWtm63TdkGxj44NXQQKEOmATXhjA=4DSCS92kQ@mail.gmail.com>
2020-06-18 22:01 ` Borislav Petkov
[not found] ` <CAFmMkTGMAu-huTnP1aeMb_W4NddbTD_b2jhbDVKBDrkwgB97wg@mail.gmail.com>
2020-06-19 7:40 ` Borislav Petkov
[not found] ` <CAFmMkTGV0ZR6C=EBGQAiz1vw1vrUXSLTnH5ZbBUvfhPLg_tF6g@mail.gmail.com>
2020-06-19 13:22 ` Borislav Petkov
2020-06-19 13:31 ` Richard Hughes
2020-06-19 13:44 ` Borislav Petkov
2020-06-19 13:50 ` Richard Hughes
2020-06-19 15:48 ` Andy Lutomirski
2020-06-19 16:17 ` Borislav Petkov
2020-06-19 16:28 ` Andy Lutomirski
2020-06-19 16:31 ` Richard Hughes
2020-06-19 16:10 ` Borislav Petkov
2020-06-19 16:33 ` Richard Hughes
2020-06-19 16:40 ` Greg Kroah-Hartman
2020-06-19 16:47 ` Richard Hughes
2020-06-19 19:41 ` Andy Lutomirski
2020-06-19 19:58 ` Richard Hughes
2020-06-19 20:20 ` Andy Lutomirski
2020-06-19 20:24 ` Dave Hansen
2020-06-22 9:34 ` Boris Petkov
2020-06-18 23:52 ` Dave Hansen
2020-06-19 7:41 ` Borislav Petkov
2020-06-19 13:25 ` Richard Hughes
2020-06-19 13:33 ` Dave Hansen
2020-06-19 13:37 ` Richard Hughes
2020-06-19 13:58 ` Dave Hansen
2020-06-19 14:09 ` Richard Hughes
2020-06-19 14:23 ` Dave Hansen [this message]
2020-06-19 14:36 ` Richard Hughes
2020-06-19 14:48 ` Dave Hansen
2020-06-19 15:02 ` Richard Hughes
2020-06-19 15:36 ` Dave Hansen
2020-06-19 7:20 ` Greg Kroah-Hartman
[not found] ` <CAFmMkTF7QBJQdKxhsPiUPifsxykyCVv=NYandpB0z8EccAxMXw@mail.gmail.com>
2020-06-19 14:02 ` Greg Kroah-Hartman
-- strict thread matches above, loose matches on Subject: below --
2020-06-25 0:33 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3d454068-fd4e-4399-4bf5-2d010bb2ba7d@intel.com \
--to=dave.hansen@intel.com \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=daniel@eclypsium.com \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=hughsient@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=rahul.tanwar@linux.intel.com \
--cc=robh@kernel.org \
--cc=sean.j.christopherson@intel.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.