Re: [PATCH v3 0/5] x86: Show in sysfs if a memory node is able to do encryption

From: Mike Rapoport
Date: Sun Dec 05 2021 - 01:07:24 EST

Next message: Kumar, M Chetan: "Re: [PATCH] net: wwan: iosm: select CONFIG_RELAY"
Previous message: Stephan Müller: "Re: [PATCH 16/18] crypto: dh - calculate Q from P for the full public key verification"
In reply to: Martin Fernandez: "Re: [PATCH v3 5/5] drivers/node: Show in sysfs node's crypto capabilities"
Next in thread: Richard Hughes: "Re: [PATCH v3 0/5] x86: Show in sysfs if a memory node is able to do encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Martin,

On Fri, Dec 03, 2021 at 04:21:43PM -0300, Martin Fernandez wrote:
> Show for each node if every memory descriptor in that node has the
> EFI_MEMORY_CPU_CRYPTO attribute.
>
> fwupd project plans to use it as part of a check to see if the users
> have properly configured memory hardware encryption capabilities. It's
> planned to make it part of a specification that can be passed to
> people purchasing hardware. It's called Host Security ID:
> https://fwupd.github.io/libfwupdplugin/hsi.html
>
> This also can be useful in the future if NUMA decides to prioritize
> nodes that are able to do encryption.

I'm missing a description about *how* the new APIs/ABIs are going to be
used. This comment also applies to the changelogs of the patches that
mostly describe what the patch does and do not describe why is it needed.

> Changes since v2:
>
> e820__range_mark_crypto -> e820__range_mark_crypto_capable.
>
> In e820__range_remove: Create a region with crypto capabilities
> instead of creating one without it and then mark it.
>
>
> Changes since v1:
>
> Modify __e820__range_update to update the crypto capabilities of a
> range; now this function will change the crypto capability of a range
> if it's called with the same old_type and new_type. Rework
> efi_mark_e820_regions_as_crypto_capable based on this.
>
> Update do_add_efi_memmap to mark the regions as it creates them.
>
> Change the type of crypto_capable in e820_entry from bool to u8.
>
> Fix e820__update_table changes.
>
> Remove memblock_add_crypto_capable. Now you have to add the region and
> mark it then.
>
> Better place for crypto_capable in pglist_data.
>
>
> Martin Fernandez (5):
> mm/memblock: Tag memblocks with crypto capabilities
> mm/mmzone: Tag pg_data_t with crypto capabilities
> Tag e820_entry with crypto capabilities
> x86/efi: Tag e820_entries as crypto capable from EFI memmap
> drivers/node: Show in sysfs node's crypto capabilities
>
> arch/x86/include/asm/e820/api.h | 1 +
> arch/x86/include/asm/e820/types.h | 1 +
> arch/x86/kernel/e820.c | 59 ++++++++++++++++++++++++-------
> arch/x86/platform/efi/efi.c | 25 +++++++++++++
> drivers/base/node.c | 10 ++++++
> include/linux/memblock.h | 5 +++
> include/linux/mmzone.h | 3 ++
> mm/memblock.c | 49 +++++++++++++++++++++++++
> mm/page_alloc.c | 1 +
> 9 files changed, 142 insertions(+), 12 deletions(-)
>
> --
> 2.30.2
>

--
Sincerely yours,
Mike.

Next message: Kumar, M Chetan: "Re: [PATCH] net: wwan: iosm: select CONFIG_RELAY"
Previous message: Stephan Müller: "Re: [PATCH 16/18] crypto: dh - calculate Q from P for the full public key verification"
In reply to: Martin Fernandez: "Re: [PATCH v3 5/5] drivers/node: Show in sysfs node's crypto capabilities"
Next in thread: Richard Hughes: "Re: [PATCH v3 0/5] x86: Show in sysfs if a memory node is able to do encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]