Re: [PATCH] Ability to read the MKTME status from userspace

From: Richard Hughes
Date: Fri Jun 19 2020 - 09:31:48 EST


On Fri, 19 Jun 2020 at 14:22, Borislav Petkov <bp@xxxxxxxxx> wrote:
> And how is the user going to know from your "module"? AFAICT, your
> module loads on any system - not only on ones which have MKTME in CPUID.

I maintain fwupd, which would be one consumer of this information. At
the moment we already look at the CPUID for the TME flag, which
successfully recognises CPU systems which support the feature. What we
don't know is if the firmware platform has disabled the MKTME feature.
Ideally we would export two things:

1. that the CPU supports TME (->cpuid, already done)
2. that the platform has not disabled TME in some way

The only way we have at the moment to see if TME is supported on the
platform (rather than just the CPU) is by grepping the entire systemd
journal at boot time, grepping for the "x86/tme: enabled by BIOS"
string. With a securityfs/sysfs/procfs file we don't have to do this
expensive operation for reading one tiny bit of data.

Richard
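The two checks described above (the CPUID flag for TME, then the kernel's boot message to learn whether firmware left it enabled), written out as an added example in Python. This is illustrative code, not fwupd's or the kernel's own; it assumes the flag appears as `tme` in the `flags` line of /proc/cpuinfo and that the kernel prints either the "x86/tme: enabled by BIOS" string quoted in the mail or an assumed "x86/tme: not enabled by BIOS" counterpart. The sample cpuinfo and journal text are constructed.

```python
"""Determine TME status from userspace the way the mail describes:
1. CPUID (via /proc/cpuinfo flags) says whether the CPU supports TME.
2. The kernel log says whether firmware actually enabled it.
Added example; not fwupd's or the kernel's own code."""
import subprocess
from pathlib import Path
from typing import Optional

# Assumption: the kernel exposes the TME CPUID bit as the "tme" flag.
TME_CPUINFO_FLAG = "tme"
# String quoted in the mail, printed by the kernel at boot.
TME_ENABLED_MSG = "x86/tme: enabled by BIOS"
# Assumed counterpart message for the firmware-disabled case.
TME_DISABLED_MSG = "x86/tme: not enabled by BIOS"

# Constructed sample data for offline use.
SAMPLE_CPUINFO_TME = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: constructed sample\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 sse sse2 ht tme rdrand\n"
)
SAMPLE_CPUINFO_NO_TME = SAMPLE_CPUINFO_TME.replace(" tme ", " ")
SAMPLE_JOURNAL_ENABLED = (
    "kernel: x86/tme: enabled by BIOS\n"
    "kernel: x86/tme: activate policy 0x0\n"
)
SAMPLE_JOURNAL_DISABLED = "kernel: x86/tme: not enabled by BIOS\n"
SAMPLE_JOURNAL_SILENT = "kernel: Booting the kernel.\n"


def cpu_supports_tme(cpuinfo_text: str) -> bool:
    """Step 1: look for the TME flag on the first 'flags' line of /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            _, _, flags = line.partition(":")
            # split() compares whole tokens, so "tme" is not matched inside other flags
            return TME_CPUINFO_FLAG in flags.split()
    return False


def platform_enabled_tme(log_text: str) -> Optional[bool]:
    """Step 2: read the firmware decision from the kernel log.

    True  -> kernel reported TME enabled by firmware
    False -> kernel reported it not enabled (assumed message)
    None  -> no TME line at all (e.g. log rotated), which is exactly the gap a
             securityfs/sysfs file would close
    """
    if TME_ENABLED_MSG in log_text:
        return True
    if TME_DISABLED_MSG in log_text:
        return False
    return None


def tme_status(cpuinfo_text: str, log_text: str) -> str:
    """Combine both checks into a single status string."""
    if not cpu_supports_tme(cpuinfo_text):
        return "unsupported"
    enabled = platform_enabled_tme(log_text)
    if enabled is None:
        return "unknown"
    return "enabled" if enabled else "disabled"


def tme_status_from_system() -> str:
    """Run the same logic on the live system (Linux with journalctl assumed)."""
    cpuinfo = Path("/proc/cpuinfo").read_text()
    try:
        # Reading the whole kernel log is the expensive step the mail complains about.
        log = subprocess.run(
            ["journalctl", "-k", "--no-pager"],
            capture_output=True, text=True, check=False,
        ).stdout
    except FileNotFoundError:
        log = ""
    return tme_status(cpuinfo, log)


if __name__ == "__main__":
    print(tme_status_from_system())
```

The `None` branch is the important one: with only CPUID and a log line to go on, a missing message cannot be distinguished from a rotated journal, so a tool has to report "unknown" rather than "disabled". A kernel-exported file would turn that tri-state into a definite answer without scanning the log.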