Re: [PATCH v9 0/9] x86: Show in sysfs if a memory node is able to do encryption

From: Dave Hansen
Date: Thu Oct 27 2022 - 11:22:23 EST


On 10/27/22 01:57, Borislav Petkov wrote:
> Well, I still think this is not going to work in all cases. SME/TME can
> be enabled but the kernel can go - and for whatever reason - map a bunch
> of memory unencrypted.

For TME on Intel systems, there's no way to make it unencrypted. The
memory controller is doing all the encryption behind the back of the OS
and even devices that are doing DMA. Nothing outside of the memory
controller really knows or cares that encryption is happening.