Intel Engineer Proposes Software-Based KVM Protected Memory Extension

  • Intel Engineer Proposes Software-Based KVM Protected Memory Extension

    Phoronix: Intel Engineer Proposes Software-Based KVM Protected Memory Extension

    While modern AMD EPYC CPUs support Secure Encrypted Virtualization (SEV), and Intel has more recently been working on MKTME to similarly offer hardware-backed total memory encryption, an Intel open-source engineer has now proposed a software-based solution for protected memory support in KVM virtualization...

    http://www.phoronix.com/scan.php?pag...re-Protect-RAM

  • #2
    A solution from Intel that favours a less secure approach. Hmm... well, at least they're consistent!

    • #3
      hum... a hardware vendor proposing a software solution ...

      • #4
        "Instead of using encryption, this series simply unmaps the memory."

        It's actually a pretty clever trick, if you think about it. TLB will hurt a little bit, but it's not a huge deal.

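The "unmap instead of encrypt" idea quoted in the post above, shown as an added user-space example; this is not code from the patch series or from the poster. The series works on the host kernel's page tables; here `mprotect(PROT_NONE)` on an ordinary anonymous page stands in for removing the guest page from the host's mapping, and a SIGSEGV handler stands in for the host kernel's page-fault path. The 0x5a fill pattern is constructed test data.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed demo: one "guest" page and a "host" that tries to read it.
   Protection here is purely the absence of a valid mapping: no key, no
   ciphertext, just nothing to translate the address to. */
static sigjmp_buf fault_env;
static volatile sig_atomic_t faulted;

/* Stand-in for the host page-fault path: record the fault and bail out
   of the attempted read instead of crashing the process. */
static void segv_handler(int sig) {
    (void)sig;
    faulted = 1;
    siglongjmp(fault_env, 1);
}

static int install_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = segv_handler;
    sa.sa_flags = SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Allocate one page and fill it with a constructed "guest secret" (0x5a). */
unsigned char *alloc_guest_page(void) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, ps, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memset(p, 0x5a, ps);
    return p;
}

/* "Protect": drop the page from the host's view. Stand-in for unmapping
   guest memory from the host kernel; changing permissions also forces the
   TLB entry for the page to be invalidated, which is the cost mentioned above. */
int protect_guest_page(unsigned char *p) {
    return mprotect(p, (size_t)sysconf(_SC_PAGESIZE), PROT_NONE);
}

/* "Unprotect": map it back for an explicit, deliberate access, the way a
   hypervisor would for a specific operation rather than leaving it open. */
int unprotect_guest_page(unsigned char *p) {
    return mprotect(p, (size_t)sysconf(_SC_PAGESIZE), PROT_READ | PROT_WRITE);
}

/* Host-side read attempt. Returns 0 and stores the byte if the page is
   mapped, -1 if the access faulted (page protected), -2 on setup failure. */
int host_try_read(const unsigned char *p, unsigned char *out) {
    if (install_handler() != 0) return -2;
    faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        *out = *(const volatile unsigned char *)p;
        return 0;
    }
    return -1;
}

/* Full cycle: readable, then protected (read denied), then readable again.
   Returns 1 if every stage behaved as expected, 0 otherwise. */
int run_protect_cycle(void) {
    unsigned char *page = alloc_guest_page();
    unsigned char b = 0;
    if (!page) return 0;
    if (host_try_read(page, &b) != 0 || b != 0x5a) return 0;
    if (protect_guest_page(page) != 0) return 0;
    b = 0;
    if (host_try_read(page, &b) != -1 || b != 0) return 0;   /* denied */
    if (unprotect_guest_page(page) != 0) return 0;
    if (host_try_read(page, &b) != 0 || b != 0x5a) return 0;
    munmap(page, (size_t)sysconf(_SC_PAGESIZE));
    return 1;
}

int main(void) {
    printf("protect/unprotect cycle %s\n", run_protect_cycle() ? "ok" : "FAILED");
    return 0;
}
```

The point the demo makes is the one in the quote: once the page is out of the host's mapping, a host-side read does not leak a byte, it faults, and the memory itself is never transformed. What this does not model is the real attack surface the series has to deal with, namely every other host-side path (DMA, the kernel's own direct map, debugging interfaces) that could still reach the physical page; protecting those is where the remaining work in such a series goes.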
        • #5
          Intel interested in security? What else is practically laughable?

          • #6
            Originally posted by vladpetric View Post
            "Instead of using encryption, this series simply unmaps the memory."

            It's actually a pretty clever trick, if you think about it. TLB will hurt a little bit, but it's not a huge deal.
            It takes a lot of hard work to make these changes and there's still a lot that needs to be done. Changes like these are very useful as long as it's configurable.

            I really despise Intel for the past decade, but I have a lot of respect for the engineers that are implementing these types of patches. Intel has a massive market share and any improvement that is easy to apply for typical businesses is a really good thing in my opinion. I wonder if Windows and others will get the same type of patches?

            Off-topic generalised rant: I'm still very disappointed in people that host my private data on insecure systems, whether that is by buying insecure hardware or writing/using badly written code. I am really annoyed because my hands are tied. I'm getting tired of fake threats/blackmail from evil scammers begging for cryptocurrency. People don't seem to care about the lack of accountability.

            • #7
              Originally posted by Jabberwocky View Post

              It takes a lot of hard work to make these changes and there's still a lot that needs to be done. Changes like these are very useful as long as it's configurable.

              I really despise Intel for the past decade, but I have a lot of respect for the engineers that are implementing these types of patches. Intel has a massive market share and any improvement that is easy to apply for typical businesses is a really good thing in my opinion. I wonder if Windows and others will get the same type of patches?

              Off-topic generalised rant: I'm still very disappointed in people that host my private data on insecure systems, whether that is by buying insecure hardware or writing/using badly written code. I am really annoyed because my hands are tied. I'm getting tired of fake threats/blackmail from evil scammers begging for cryptocurrency. People don't seem to care about the lack of accountability.
              While I was disappointed with Intel's track record over the last 5 years, I for one don't despise them at all. May I ask why you despise them?

              I built myself a server grade PC 5 years ago, with a Haswell Xeon E5 (2640 v3) and it has been working great (super stable). Single-threaded performance is 2/3 of a top-of-the-line CPU from 2020, which is pretty good given the age.

              • #8
                Originally posted by ddriver View Post
                Intel interested in security? What else is practically laughable?
                ddriver interested in productive comments?

                • #9
                  Originally posted by vladpetric View Post

                  While I was disappointed with Intel's track record over the last 5 years, I for one don't despise them at all. May I ask why you despise them?
                  I despise Intel due to their business practices and I am holding them responsible for the lack of innovation in software design, especially gaming. We need more legendary engineers to publicly talk about or debate the hardware and software changes of the past decade in 1-3 hour sessions, like this Jim Keller talk hosted by Lex Fridman or "Uncle" Bob Martin's "The Future of Programming", to alleviate the lack of perspective that the general public currently has.

                  A tiny part of Intel has done a huge amount of amazing work in the open source software ecosystem; like I said in my previous post, I value those engineers and the effort that they put in. Intel is obviously not just about CPUs, and I am very happy with Intel network devices. I spend hours and days researching/investigating companies I support. Unfortunately the good does not outweigh the bad in my opinion, since the good is at the ground level and the bad is at the top.

                  Here's a list of bad business practices that I have found. Most companies stagnate after becoming a monopoly and most marketing teams "bend the truth", but Intel takes it to a different level. Others might do the same in the future, and when that happens I will slam/rant about that too. I have not found any reports of AMD or ARM bribing companies.

                  I built myself a server grade PC 5 years ago, with a Haswell Xeon E5 (2640 v3) and it has been working great (super stable). Single-threaded performance is 2/3 of a top-of-the-line CPU from 2020, which is pretty good given the age.
                  That platform (not just the CPU itself) was ahead of its time in many ways but cost an arm and a leg. AFAIK the CPU retailed for more than $900 USD. Quad-channel DDR4 in 2014 was pretty crazy though! My friend had a 5930K (Haswell-E) and I was very envious. I bought an Ivy Bridge i7 3770 (non-K) when the price dropped and was very happy with the performance. It ran all the games I wanted to play at a competitive level without stutter (mostly CS:GO and PUBG). Gaming performance-wise I was happy. The non-K version supported VT-d, so I was able to do my initial IOMMU/VFIO testing on it. My CPU had extremely limited PCI-E lanes; that was probably the only downside at the time. I value security over performance, so today I have a lot more issues with using it for my use case(s). For example, running something like Qubes OS or setting up a single massive PC with dumb terminals all over your house would just be a waste if you're using Intel and you value security IMO.

                  I usually search on guru3d, anandtech, techpowerup, 3dmark, cinebench, or cpu-z for benchmark results, but it appears that there are very few results for your CPU. I ended up using https://valid.x86.fr/ftbte4 (I would have loved using more metrics but I don't trust other results that I got).

                  Single threaded CPU-Z (1.79 or newer)
                  Haswell Xeon E5 (2640 v3) @ 2.80GHz scores: 296 - 363 (38.37% slower)
                  Ivy Bridge i7 3770 scores: 369 (37.35% slower)
                  Ryzen Threadripper 3990X: 522 (11.38% slower)
                  Ryzen 9 3950X scores: 562 (4.58% slower)
                  Coffee Lake-S i9 9900KS scores: 589

                  Multi threaded CPU-Z (1.79 or newer)
                  Ivy Bridge i7 3770 scores: 1830 (94.34% slower)
                  Haswell Xeon E5 (2640 v3) @ 2.80GHz scores: 2937 - 3055 (90.55% slower)
                  Coffee Lake-S i9 9900KS scores: 6138 (81.02% slower)
                  Ryzen 9 3950X scores: 11098 (65.67% slower)
                  AMD Ryzen Threadripper 3990X: 32332

                  Different workloads will give different results, but consider that most software today (especially games) is written for CPUs that were designed between 2002-2005 and produced ~2008. You can't realistically run a benchmark that was designed to run on hardware from 2008 and expect it to give you accurate results on hardware from 2020 (speaking to gamers here). It's like trying to drive a jet on a road with corners to see how fast it will cut the apex and comparing it to a sports car. Architecture has changed completely and yet our gaming testing methodologies have generally stayed the same (Robert C. Martin explains this much better than I do). "Vulkan support is in the roadmap for the engine this year." -- Unigine, 13 April 2017. It's 28 May 2020. It's not easy to do fundamental redesigns; you need to plan years ahead.

                  I don't despise Intel for their performance. I probably feel more or less the same as you, simply disappointed. It's a shame that their shrink factor has been stuck for so long. Dennard scaling ended between 2005-2007. We knew that it would be extremely difficult to scale single threads. The fab delays could have been mitigated by improved design, much like GeForce destroying Radeon even though it's on a larger fab.

                  Additional Ramblings:

                  Intel isn't the only one to blame for stagnation. Development teams rarely have the experience and funding to (re)design something from the ground up, while competitors are just reusing what's there/proven to work. Gaming companies are fixated on sales, gamers are buying CPUs with high single-threaded performance, which in turn forces developers to target the most adopted hardware again. It's a vicious cycle. Instead of taking the risk of investing in game engines that are redesigned for PC, it's less risky to develop for a console where the specs are defined ahead of time and you can spend years on R&D before any games are designed. Remember this? https://www.youtube.com/watch?v=VhsgiliheP0 I and many others had hoped that Star Citizen was going to be the thing that changed it all, as CIG promised in 2011, but that was a major letdown to say the least. The video used past experience with revolutionary titles like Quake, Far Cry and Crysis to gain traction. From a technical point of view they have not brought anything fundamentally new, but it still looks like it could be a fun game some day/year.

                  I've always been a massive PC fanboy because the platform pushed boundaries for so many years and prevented vendor lock-in. I would be very sad if the new gaming consoles were to lead the way in terms of gaming technology (software and hardware). There are some rumours of crazy IP that consoles will use (ignore the click-bait title): https://www.youtube.com/watch?v=PW-7Y7GbsiY I hope that some of this IP (hardware and software) will ironically move back into PC platforms.

                  Journalism in these areas is really lacking; almost nobody is reporting on these Intel issues or investigating allegations. I could be wrong about everything, but I could be right too. There's no incentive for someone qualified enough to thoroughly research this, and the outcome is that if Intel is truly as bad as I claim, then they can get away with murder. I would be very happy if Intel bounced back and provided healthy competition for AMD, like producing fast and relatively secure CPUs with many cores, as long as Intel as a business becomes less evil. Without investors knowing what's going on on the ground floor and just demanding higher ROIs, that will never happen. I'm 100% sure Intel has insanely good engineers. It's the leadership that is/was broken.

                  Politics and leadership in massive companies are similar to governments: sometimes you get someone that is very charismatic, stupid, and lies so much that they believe themselves. That person just wrecks the country or the business and it's up to the next person to fix everything. Steve Ballmer was the first one I noticed doing it. Many have followed since. You need mad amounts of ammo to get that person out of where they are.

                  I also found this John Carmack talk hosted by Joe Rogan where he talked about working hours and R&D techniques. There's a lot that our current generation can learn from the legends that got us to where we are today.

                  Sorry for the long read; there's a ton more that I could say but I'm running out of time. Hope this helps to share my perspective/ramblings.
