AMD Secure Memory Encryption Patches Updated For Linux

  • TMM_
    replied
    You obviously can't protect against a hostile hypervisor, but you can protect against hostile co-tenants with a system like this. I don't think AMD ever claimed otherwise.

  • Adarion
    replied
    I'm not up to date, but wasn't all that SME done via a PSP part? SME and SEV do sound interesting, but things related to a closed blob with ring <0 rights are a very mixed bag, to say the least.

  • No Username
    replied
    Originally posted by boxie:
    I believe it is a feature of the Zen micro architecture, so ALL zen based processors will have it (even the puny little ones)

    Transparent Secure Memory Encryption is a feature advertised for Ryzen PRO, not available on regular Ryzen.

  • Zan Lynx
    replied
    Here is the white paper from AMD: http://developer.amd.com/wordpress/m..._v7-Public.pdf

    On page 11 it talks about how the guest can verify it is running on a genuine AMD SEV host with encrypted RAM.

    However, I can imagine at least three ways that an evil hypervisor could scan for the verification code in the executable and rewrite it to believe it is genuine when it isn't. It does raise the difficulty a lot. But there's no DRM scheme that hasn't been broken so far.

  • Zan Lynx
    replied
    I may be wrong, but I don't believe this can protect a guest against a hypervisor that is hostile to start with. It can protect against attacks that escape from another guest and take over the hypervisor while it is running.

    If the hypervisor sets up the guest and lies about the memory encryption, I don't see how the guest could tell.

  • FastCode
    replied
    So, the hypervisor can't just NOP the instructions?
    It should be interesting to read how they prevent that. Does anyone have the documentation link?

  • boxie
    replied
    Originally posted by No Username:
    This will also apply to Ryzen PRO, as they have the same features as EPYC?

    I believe it is a feature of the Zen micro architecture, so ALL zen based processors will have it (even the puny little ones)

  • No Username
    replied
    This will also apply to Ryzen PRO, as they have the same features as EPYC?

  • Geopirate
    replied
    Originally posted by doublez13:
    Is this a new feature of AMD processors? Or is this a generic kernel feature that will eventually have Intel support?

    This is a feature of AMD's new Epyc server processors, which they have positioned to compete with high-end Xeons. If Intel adds this it will be a copy-and-pasted feature, and it won't be any time soon. The main use case for this that AMD highlighted is the example of your VM being hosted in AWS and Amazon not being able to see what you have going on inside your VM or its memory.

  • doublez13
    replied
    Is this a new feature of AMD processors? Or is this a generic kernel feature that will eventually have Intel support?
