On 6/25/20 2:39 PM, Andy Lutomirski wrote:
> What about MKTME platforms that (using hypothetical future kernel
> support) have encryption enabled for a node but have disabled it for
> specific pages using madvise()? Or that have any other nontrivial
> policy like that?

I think it's fine if the magic new bit means "normal allocations get hardware encryption". If we have a way for users to opt out of that, that's fine with me because the default is to provide it and a user must have gone through _some_ hoop to undo the protection. BTW, although the MKTME hardware and architecture support disabling encryption, we don't have any plans to expose that to applications.

