I thought the Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) already were in the kernel.
https://lkml.org/lkml/2016/4/26/1127
https://lkml.org/lkml/2016/4/26/1109
https://lkml.org/lkml/2016/4/26/1114
https://lkml.org/lkml/2016/8/22/960
http://amd-dev.wpengine.netdna-cdn.c..._v7-Public.pdf
If someone finds a broken link in one of the lkml messages it's archived here

No it wasn't merged before, those previous patches you mention have just been patches on the mailing list and "request for comments"

I heard they didn't add that feature because NSA needed this ability.
Now that NSA has control over the ME/PSP/TrustZone/whatever "security coprocessor", they can freely add all the security features they want to make people feel safe.

#tinfoil-we-need-more-of-it

Actually, that would have worked fine - data fetches still have to be decrypted when the CPU reads them, or any other load would fail and your BASIC interpreter would not run.

You're thinking if your Z-80 had a segmented address space with different keys for each segment, and there were different segment boundaries within the 64k address space you're referring to. Then yes, it wouldn't work, but the Z-80 didn't have that hardware capability so no worries lol.

Being able to encrypt memory in different contexts is probably the biggest step in process and ring isolation since ring isolation. Oh no, I said ring... now I'm picturing green space al-Qaeda with hair feet lol