Re: [PATCH] Ability to read the MKTME status from userspace

From: Richard Hughes
Date: Fri Jun 19 2020 - 10:36:58 EST


On Fri, 19 Jun 2020 at 15:23, Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
> Last night, I asked my kids if they brushed their teeth. They said:
> "Dad, my toothbrush was available." They argued that mere availability
> was a better situation than not *having* a toothbrush. They were
> logically right, of course, but they still got cavities.

I don't see how that's comparable, sorry. Surely Intel wants to sell
hardware advertising TME as a security feature?

> > So my take-away from that is that it's currently impossible to
> > actually say if your system is *actually* using TME.
> Not in a generic way, and it can't be derived from cpuid or MSRs alone.

Well, it seems not in any way at the moment.

> I'm pretty sure I'm using TME, but I didn't become sure from
> poking at sysfs.

How do you know that Lenovo didn't disable TME without looking at
dmesg? I don't think "pretty sure" is good enough when TME is
considered a security feature.

Richard