Re: [PATCH] Ability to read the MKTME status from userspace
From: Borislav Petkov
Date: Fri Jun 19 2020 - 09:22:54 EST
On Fri, Jun 19, 2020 at 10:01:36AM -0300, Daniel Gutson wrote:
> Then the user will not know that he/she could improve the security of the
> system by enabling the feature in the BIOS.
And how is the user going to know from your "module"? AFAICT, your
module loads on any system - not only on ones which have MKTME in CPUID.
> The fact that the CPU has the cap and the BIOS disables it, can
> trigger a prevention action.
I can only venture guesses what "prevention action" is - you'll have to
be more verbose here.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette