Re: [PATCH] Ability to read the MKTME status from userspace

From: Richard Hughes
Date: Fri Jun 19 2020 - 09:37:57 EST


On Fri, 19 Jun 2020 at 14:33, Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
> On top of that, the kernel can just swap data out to unencrypted storage.

Right, but for the most part you'd agree that a machine with
functioning TME and encrypted swap partition is more secure than a
machine without TME?

> So, I really wonder what folks want from this flag in the first place.
> It really tells you _nothing_.

Can I use TME if the CPU supports it, but the platform has disabled
it? How do I know that my system is actually *using* the benefits the
TME feature provides?

Richard.