Intel Continues Investing In Execute-Only Memory Support For The Linux Kernel

Phoronix: Intel Continues Investing In Execute-Only Memory Support For The Linux Kernel

One of the steps Intel's open-source developers continue working on for Linux is supporting "execute only memory" that will already work with some of today's processors and serve as another defense for bettering the security of systems particularly in a virtualized environment...

http://www.phoronix.com/scan.php?pag...nly-Kernel-RAM

#2
Too busy adding security vulnerabilities to add any security features


#3
Execute only pages would be really really great for security. The main way of accessing program data is through signature scanning the program's code and reading the data by offsets in the code. Looking forward to the support, though I wish it would come to AMD processors soon enough, as Intel would still be a security hell even with XO memory.


#4
How would this be done? To execute you need to read.


#5
Originally posted by tildearrow:
How would this be done? To execute you need to read.

Instruction fetches (for execution, such as reading the instruction 'mov rbx, [rax]') are seen differently by the processor than data reads (such as the read of '[rax]' in the previous example). The former goes into the iTLB and L1-I, while the latter goes into the dTLB and the L1-D as well.


#6
Originally posted by tildearrow:
How would this be done? To execute you need to read.

CPUs read instructions via a different mechanism than how they load data. In fact, when you look at CPU architecture diagrams, you'll frequently notice distinct L1 caches for code and data, so the distinction goes fairly deep.

But, yes, if you put a logic analyzer on the memory bus, the actual reads from DRAM look the same for code and data. At that level, it's all just data.

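The exchange in #4, #5 and #6 (instruction fetch versus data load of the same bytes) can be observed from user space. The program below is an added example written for this page; it is not code from the Phoronix article, from Intel's kernel work, or from any commenter. It assumes x86-64 Linux, and uses the user-space analogue of execute-only memory: a mapping requested with PROT_EXEC but not PROT_READ, which on kernels and CPUs with protection-key support is backed by an execute-only key. The six-byte stub (`mov eax, 42; ret`) is constructed here for the demonstration. The stub is executed (fetch path), then the same address is read as data (load path) under a SIGSEGV/SIGBUS probe; whether that read faults depends on the hardware and kernel, which is exactly the point the thread is making, so the program reports the outcome rather than assuming it. The fault probe itself is checked deterministically against a PROT_NONE page and a readable page.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* State for the fault probe: the SIGSEGV/SIGBUS handler jumps back to the
 * probe only while one is armed; any other fault is left to crash normally. */
static sigjmp_buf probe_env;
static volatile sig_atomic_t probe_armed = 0;

static void probe_handler(int sig) {
    if (probe_armed) {
        probe_armed = 0;
        siglongjmp(probe_env, 1);
    }
    signal(sig, SIG_DFL);   /* fault outside a probe: re-raise with default action */
    raise(sig);
}

/* Returns 1 if a one-byte data read from addr raises SIGSEGV/SIGBUS,
 * 0 if the read completes. The process survives either way. */
int read_faults(const void *addr) {
    struct sigaction sa, old_segv, old_bus;
    int faulted;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(probe_env, 1) == 0) {
        probe_armed = 1;
        unsigned char v = *(const volatile unsigned char *)addr;  /* data load path */
        (void)v;
        probe_armed = 0;
        faulted = 0;
    } else {
        faulted = 1;        /* arrived here via siglongjmp from the handler */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Deterministic self-check of the probe: a PROT_NONE page must fault on read,
 * a PROT_READ|PROT_WRITE page must not. Returns 1 on success, 0 otherwise. */
int self_check(void) {
    long pg = sysconf(_SC_PAGESIZE);
    void *none = mmap(NULL, pg, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    void *rw = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (none == MAP_FAILED || rw == MAP_FAILED)
        return 0;
    int ok = (read_faults(none) == 1) && (read_faults(rw) == 0);
    munmap(none, pg);
    munmap(rw, pg);
    return ok;
}

/* Execute-only experiment (x86-64 only). Copies the constructed stub
 * `mov eax, 42; ret` into a fresh page, drops the page to PROT_EXEC alone,
 * calls it, then probes a data read of the very same bytes. Returns 0 and
 * fills *exec_result (expected 42) and *data_read_faulted; returns -1 when
 * the mapping cannot be set up (e.g. a policy forbidding executable
 * anonymous memory) or the build is not x86-64. */
int xom_experiment(int *exec_result, int *data_read_faulted) {
#if defined(__x86_64__)
    static const unsigned char stub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };
    long pg = sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, stub, sizeof stub);
    /* PROT_EXEC without PROT_READ: with protection-key support the kernel
     * backs this with its execute-only key, so instruction fetch works while
     * a data load of the same address faults. Without that support,
     * executable implies readable and the probe read simply succeeds. */
    if (mprotect(page, pg, PROT_EXEC) != 0) {
        munmap(page, pg);
        return -1;
    }
    int (*fn)(void);
    memcpy(&fn, &page, sizeof fn);            /* object pointer -> function pointer */
    *exec_result = fn();                       /* instruction fetch path */
    *data_read_faulted = read_faults(page);    /* data load path on the same bytes */
    munmap(page, pg);
    return 0;
#else
    (void)exec_result; (void)data_read_faulted;
    return -1;
#endif
}

int main(void) {
    printf("probe self-check: %s\n", self_check() ? "ok" : "FAILED");
    int r = 0, faulted = 0;
    if (xom_experiment(&r, &faulted) != 0) {
        puts("execute-only experiment not available on this build/host");
        return 0;
    }
    printf("executing the stub returned %d\n", r);
    printf("data read of the same page %s\n",
           faulted ? "faulted (execute-only is enforced)"
                   : "succeeded (executable implies readable here)");
    return 0;
}
```

The self-check passes on any Linux host; the execute-only outcome is host-dependent, which is what the thread's "to execute you need to read" question is really about: the fetch and the load take different paths through the core, so the MMU can allow one and deny the other. On a host without protection keys the stub still returns 42 and the data read succeeds; where execute-only is enforced, the read faults and the signature-scanning technique mentioned in #3 has nothing to read.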