On Fri, 19 Jun 2020 at 14:22, Borislav Petkov <b...@alien8.de> wrote:
> And how is the user going to know from your "module"? AFAICT, your
> module loads on any system - not only on ones which have MKTME in CPUID.
I maintain fwupd, which would be one consumer of this information. At the moment we already look at the CPUID for the TME flag, which successfully recognises CPU systems which support the feature. What we don't know is if the firmware platform has disabled the MKTME feature. Ideally we would export two things:

1. that the CPU supports TME (->cpuid, already done)
2. that the platform has not disabled TME in some way

The only way we have at the moment to see if TME is supported on the platform (rather than just the CPU) is by grepping the entire systemd journal at boot time, grepping for the "x86/tme: enabled by BIOS" string. With a securityfs/sysfs/procfs file we don't have to do this expensive operation for reading one tiny bit of data.

Richard
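The two checks Richard describes (CPUID flag for CPU support, kernel log string for platform enablement), written out as an added example; this is not fwupd's code and not part of the thread. It parses the `flags` line of `/proc/cpuinfo` for the `tme` feature bit and scans kernel log text for the "x86/tme: enabled by BIOS" line quoted above (the kernel's intel.c also prints "x86/tme: not enabled by BIOS" when firmware has disabled it, which the example treats as an explicit negative). The sample `/proc/cpuinfo` and log text embedded below are constructed for the example; `live_status()` runs the real `journalctl -k` / `dmesg` scan, which is exactly the expensive step a sysfs file would make unnecessary.

```python
import shutil
import subprocess
from typing import Optional

# Constructed sample of /proc/cpuinfo (one processor entry, trimmed).
SAMPLE_CPUINFO = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Constructed sample CPU
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep tme sgx
"""

# Constructed sample kernel log text containing the line from the email.
SAMPLE_KLOG_ENABLED = """[    0.100000] smpboot: Constructed sample boot line
[    0.123456] x86/tme: enabled by BIOS
[    0.200000] Constructed sample unrelated line
"""

TME_ENABLED_MSG = "x86/tme: enabled by BIOS"        # string quoted in the email
TME_DISABLED_MSG = "x86/tme: not enabled by BIOS"   # printed by arch/x86/kernel/cpu/intel.c


def cpu_supports_tme(cpuinfo_text: str) -> bool:
    """Check 1 from the email: does CPUID advertise TME (the 'tme' flag)?"""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            _, _, flags = line.partition(":")
            # Flags are space separated; match the whole token, not a substring.
            return "tme" in flags.split()
    return False


def tme_bios_state(klog_text: str) -> Optional[bool]:
    """Check 2 from the email: did firmware leave TME enabled?

    True  -> kernel logged that TME is enabled by BIOS
    False -> kernel logged that firmware did not enable it
    None  -> neither line present (no TME-capable CPU, or log rotated away)
    """
    for line in klog_text.splitlines():
        if TME_DISABLED_MSG in line:
            return False
        if TME_ENABLED_MSG in line:
            return True
    return None


def tme_status(cpuinfo_text: str, klog_text: str) -> dict:
    """Combine both checks into the two bits fwupd wants to export."""
    return {
        "cpu_supports_tme": cpu_supports_tme(cpuinfo_text),
        "platform_tme_enabled": tme_bios_state(klog_text),
    }


def read_kernel_log() -> str:
    """The expensive part: pull the whole kernel log from journald or dmesg."""
    if shutil.which("journalctl"):
        cmd = ["journalctl", "-k", "--no-pager", "-o", "cat"]
    else:
        cmd = ["dmesg"]
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except OSError:
        return ""


def live_status() -> dict:
    """Run both checks on the current machine (Linux only)."""
    try:
        with open("/proc/cpuinfo", encoding="ascii", errors="replace") as fh:
            cpuinfo = fh.read()
    except OSError:
        cpuinfo = ""
    return tme_status(cpuinfo, read_kernel_log())


if __name__ == "__main__":
    print("sample:", tme_status(SAMPLE_CPUINFO, SAMPLE_KLOG_ENABLED))
    print("live:  ", live_status())
```

Note that `tme_bios_state` returning `None` is the ambiguous case the email complains about: on a CPU that has the flag, a rotated or truncated journal makes the platform state unknowable from userspace, which is the gap a kernel-exported file would close.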