From linux-kernel  Mon May 16 08:39:06 2022
From: Richard Hughes <hughsient () gmail ! com>
Date: Mon, 16 May 2022 08:39:06 +0000
To: linux-kernel
Subject: Re: [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption
Message-Id: <CAD2FfiHe3hCSNHEA0mSWPbH4LEWhj+FgxkhO83U1GgYEJR6wrw () mail ! gmail ! com>
X-MARC-Message: https://marc.info/?l=linux-kernel&m=165269030925020

On Fri, 6 May 2022 at 20:02, Boris Petkov <bp@alien8.de> wrote:
> Remember - this all started with "i wanna say that mem enc is active" and now we're so far deep down the rabbit hole...

This is still something consumers need; at the moment users have no
idea if data is *actually* being encrypted. I think Martin has done an
admirable job going down the rabbit hole to add this functionality in
the proper manner -- so it's actually accurate and useful for other
use cases to that of fwupd.

At the moment my professional advice to people asking about Intel
memory encryption is to assume there is none, as there's no way of
verifying that it's actually enabled and working. This is certainly a
shame for something so promising, touted as an enterprise security
feature.

Richard