Re: [PATCHv2 0/4] perf/core: Add support to exclude kernel mode PMU tracing

Andi Kleen ak@linux.intel.com writes:

Normally disk encryption is in specialized work queues. It's total overkill to restrict all of the kernel if you just want to restrict those work queues.

I would suggest some more analysis where secrets are actually stored and handled first.

Also thinking about this more:

You really only want to limit data tracing here.

If tracing branches could reveal secrets the crypto code would be already insecure due to timing side channels. If that's the case it would already require fixing the crypto code.

-Andi