Mitigating RAMBleed through Secure Memory Encryption on AMD CPUs, performance impact?

  • Mitigating RAMBleed through Secure Memory Encryption on AMD CPUs, performance impact?

    The latest bad news in IT security is RAMBleed, an attack derived from Rowhammer which allows malicious code running on your system to read the memory of other processes. This time, ECC memory is no defense, unlike Rowhammer, where ECC would raise the attack difficulty by an order of magnitude.

    I assume that memory encryption such as AMD's Secure Memory Encryption (SME) will mitigate this attack. According to the AMD white paper on Memory Encryption, there is a small latency increase for accessing encrypted memory.

    Michael and Phoronix readers who have Zen-based systems, if you could
    • check for the "sme" flag in /proc/cpuinfo,
    • enable SME in the UEFI/BIOS (if an option exists),
    • ensure that your kernel is built with CONFIG_AMD_MEM_ENCRYPT=y,
    • boot with the mem_encrypt=on kernel parameter,
    • look in dmesg for "AMD Secure Memory Encryption (SME) active",
    could you measure what the performance difference is between mem_encrypt=on and off? I expect that the memory access latency increase might hurt CPU-limited games, or some branch-heavy code like compiling.
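
Added example, not part of the original post: a shell script that runs the four software-visible checks from the list above (cpuinfo flag, kernel config, boot parameter, dmesg message), so a benchmark run can confirm SME was really active. The function names, the `live` argument and the `/boot/config-<release>` location are assumptions of this example.

```shell
#!/bin/sh
# Added example: verifies the SME checklist from the post above.
# Paths are arguments so the checks also work on saved copies of the files.

# "sme" must be a whole word on the flags line ("smep" must not match).
has_sme_flag() {
    grep '^flags' "$1" 2>/dev/null | grep -qw 'sme'
}

# Kernel build config must contain exactly CONFIG_AMD_MEM_ENCRYPT=y.
kernel_has_sme_config() {
    grep -qx 'CONFIG_AMD_MEM_ENCRYPT=y' "$1" 2>/dev/null
}

# mem_encrypt=on must be a separate token on the kernel command line.
cmdline_requests_sme() {
    [ -r "$1" ] && tr ' ' '\n' < "$1" | grep -qx 'mem_encrypt=on'
}

# Kernel log must contain the activation message quoted in the post.
dmesg_sme_active() {
    grep -qF 'AMD Secure Memory Encryption (SME) active' "$1" 2>/dev/null
}

# Run one check and print its result; returns the check's status.
check() {
    label=$1; shift
    if "$@"; then echo "ok    $label"; else echo "FAIL  $label"; return 1; fi
}

# Run all four checks; returns 0 only if every one passes.
# Assumption: the distro installs its kernel config as /boot/config-<release>.
sme_report() {
    klog=${4:-}
    if [ -z "$klog" ]; then klog=$(mktemp); dmesg > "$klog" 2>/dev/null || true; fi
    rc=0
    check "sme flag in cpuinfo" has_sme_flag "${1:-/proc/cpuinfo}" || rc=1
    check "CONFIG_AMD_MEM_ENCRYPT=y" kernel_has_sme_config \
        "${2:-/boot/config-$(uname -r)}" || rc=1
    check "mem_encrypt=on on cmdline" cmdline_requests_sme "${3:-/proc/cmdline}" || rc=1
    check "SME active in dmesg" dmesg_sme_active "$klog" || rc=1
    [ -n "${4:-}" ] || rm -f "$klog"
    return $rc
}

# "sh sme_check.sh live" checks the running system (dmesg may need root).
if [ "${1:-}" = "live" ]; then sme_report; fi
```

The UEFI/BIOS step cannot be read from userspace here; a missing dmesg message with the other three checks passing points at it.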

  • #2
    As a quick test, I compiled linux-5.1 defconfig on tmpfs, two compile runs each for mem_encrypt=on and mem_encrypt=off respectively.
    Code:
    #1 mem_encrypt=off
    
    real    2m20,480s
    user    24m16,459s
    sys     1m59,538s
    
    #1 mem_encrypt=on
    
    real    2m20,803s
    user    24m27,440s
    sys     2m2,971s
    
    #2 mem_encrypt=off
    
    real    2m20,324s
    user    24m14,792s
    sys     1m58,890s
    
    #2 mem_encrypt=on
    
    real    2m20,920s
    user    24m25,816s
    sys     2m1,877s
