Announcement

Collapse
No announcement yet.

AMD Posts Secure Memory Encryption For The Linux Kernel (SME)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • AMD Posts Secure Memory Encryption For The Linux Kernel (SME)

    Phoronix: AMD Posts Secure Memory Encryption For The Linux Kernel (SME)

    Well, today seems to be the day for x86 CPU vendors to push out memory security related features for the Linux kernel... After Intel posted the Secure Guard Extensions driver for Linux, AMD has come out with a patch-set for "Secure Memory Encryption" (SME) that looks like it will be a hardware feature of Zen...

    http://www.phoronix.com/scan.php?pag...ory-Encryption

  • #2
    That actually sounds pretty badass.

    Comment


    • #3
      Seems like this would help guard against cold boot attacks; very cool. I'm wondering who asked for this. :-)

      Comment


      • #4
        That PDF link doesn't seem to work.

        Comment


        • #5
          Good idea in theory, but we don't have a trustable processor to apply it on due to that underlying management processor the LIbreboot folks warned about on post-AM3+ procs/boards.

          Would AMD really let you encrypt your keys against their own blob or the government's modified versions signed with AMD's key? We won't know until someone steps through that underlying "security processor" and that firmware blob that LIbreboot warned about instruction by instruction. To do so might require X-ray analysis of the processor to work out the hardware instructions used by that firmware.

          Comment


          • #6
            1. Yes, as Tomin said the link is broken / 404.

            2. I wondern if that can also be used AGAINST us, the users, the dev community. This feature could also be used e.g. in new gaming consoles (next PS Neo or plus or whatev. it was called, Nintendo is planning something that does involve AMD,...) - thus making it much harder to get our beloved penguin onto them.
            Other than that, yes, it might help against cold boot attacks, unless the means of decryption are also accessible somewhere.
            Stop TCPA, stupid software patents and corrupt politicians!

            Comment


            • #7
              Michael, I highly DISAPPROVE of this approve-posts-thing.
              Stop TCPA, stupid software patents and corrupt politicians!

              Comment


              • #8
                Originally posted by Luke View Post
                Good idea in theory, but we don't have a trustable processor to apply it on due to that underlying management processor the LIbreboot folks warned about on post-AM3+ procs/boards.

                Would AMD really let you encrypt your keys against their own blob or the government's modified versions signed with AMD's key? We won't know until someone steps through that underlying "security processor" and that firmware blob that LIbreboot warned about instruction by instruction. To do so might require X-ray analysis of the processor to work out the hardware instructions used by that firmware.
                Guess we'll see whether MPAA or NDA have more leverage. It's in MPAA's best interest there are no backdoors as this will probably be used for copy protection

                Comment


                • #9
                  Key question: where are the keys stored.

                  Comment


                  • #10
                    Originally posted by Tomin View Post
                    That PDF link doesn't seem to work.
                    http://amd-dev.wpengine.netdna-cdn.c..._v7-Public.pdf
                    This is the full link :3

                    Comment

                    Working...
                    X