AMD Secure Memory Encryption Patches Updated For Linux


  • AMD Secure Memory Encryption Patches Updated For Linux

    Phoronix: AMD Secure Memory Encryption Patches Updated For Linux

    Adding to the list of changes/features you will not find in Linux 4.13 is AMD's Secure Memory Encryption as supported by the new EPYC processors...

    http://www.phoronix.com/scan.php?pag...ure-Memory-V10

  • #2
    Typo:

    Originally posted by phoronix
    The AMD Secure Memory Encryption (SME) paches in their v10 form disable this feature when built for 32-bit


    • #3
      Is this a new feature of AMD processors? Or is this a generic kernel feature that will eventually have Intel support?


      • #4
        Originally posted by doublez13
        Is this a new feature of AMD processors? Or is this a generic kernel feature that will eventually have Intel support?
        This is a feature of AMD's new Epyc server processors they have positioned to compete with high end Xeons. If Intel adds this it will be a copy and pasted feature and it won't be any time soon. The main use case for this AMD highlighted is the example of your VM being hosted in AWS and Amazon not being able to see what you have going on inside your VM or its memory.


        • #5
          This will also apply for Ryzen PRO as they have the same features as EPYC?


          • #6
            Originally posted by No Username
            This will also apply for Ryzen PRO as they have the same features as EPYC?
            I believe it is a feature of the Zen microarchitecture, so ALL Zen based processors will have it (even the puny little ones)


            • #7
              So, the hypervisor can't just NOP the instructions?
              It should be interesting to read how they prevent that. Does anyone have the documentation link?


              • #8
                I may be wrong, but I don't believe this can protect a guest against a hypervisor that is hostile to start with. It can protect against attacks that escape from another guest and take over the hypervisor while it is running.

                If the hypervisor sets up the guest and lies about the memory encryption, I don't see how the guest could tell.


                • #9
                  Here is the white paper from AMD: http://developer.amd.com/wordpress/m..._v7-Public.pdf

                  On page 11 it talks about how the guest can verify it is running on a genuine AMD SEV host with encrypted RAM.

                  However, I can imagine at least three ways that an evil hypervisor could scan for the verification code in the executable and rewrite it to believe it is genuine when it isn't. It does raise the difficulty a lot. But there's no DRM scheme that hasn't been broken so far.


                  • #10
                    Originally posted by boxie
                    I believe it is a feature of the Zen microarchitecture, so ALL Zen based processors will have it (even the puny little ones)
                    Transparent Secure Memory Encryption is a feature advertised for Ryzen PRO, not available on regular Ryzen.
