Linux 4.14 To Get 5-Level Paging, AMD Secure Memory Encryption

  • Linux 4.14 To Get 5-Level Paging, AMD Secure Memory Encryption

    Phoronix: Linux 4.14 To Get 5-Level Paging, AMD Secure Memory Encryption

    Ingo Molnar has sent in his many pull requests of new feature work targeting the Linux 4.14 merge window...

    http://www.phoronix.com/scan.php?pag...14-MM-SME-5LVL

  • #2
    I thought the Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) already were in the kernel.
    https://lkml.org/lkml/2016/4/26/1127
    https://lkml.org/lkml/2016/4/26/1109
    https://lkml.org/lkml/2016/4/26/1114
    https://lkml.org/lkml/2016/8/22/960
    http://amd-dev.wpengine.netdna-cdn.c..._v7-Public.pdf
    If someone finds a broken link in one of the lkml messages it's archived here
    Last edited by Nille_kungen; 09-04-2017, 10:25 AM.


    • #3
      Originally posted by Nille_kungen
      I thought the Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) already were in the kernel.
      https://lkml.org/lkml/2016/4/26/1109
      https://lkml.org/lkml/2016/4/26/1114
      https://lkml.org/lkml/2016/8/22/960
      http://amd-dev.wpengine.netdna-cdn.c..._v7-Public.pdf
      If someone finds a broken link in one of the lkml messages it's archived here
      No, it wasn't merged before; those previous patches you mention have just been patches on the mailing list and "request for comments".
      Michael Larabel
      http://www.michaellarabel.com/


      • #4
        Originally posted by InsideJob
        but if my TRS-80 that booted into Microsoft BASIC had secure memory this never would have worked:

        For T = 0 to 65535;print chr$(peek(T));Next T
        I heard they didn't add that feature because NSA needed this ability.
        Now that NSA has control over the ME/PSP/TrustZone/whatever "security coprocessor", they can freely add all the security features they want to make people feel safe.

        #tinfoil-we-need-more-of-it


        • #5
          Originally posted by InsideJob
          Won't stop al-Qaeda in Outer Space from landing a UFO full of little green terrorists on 9-11, but if my TRS-80 that booted into Microsoft BASIC had secure memory this never would have worked:

          For T = 0 to 65535;print chr$(peek(T));Next T

          Standard Troll © 2017 Phoronix Forums
          Actually, that would have worked fine - data fetches still have to be decrypted when the CPU reads them, or any other load would fail and your BASIC interpreter would not run.

          You're thinking if your Z-80 had a segmented address space with different keys for each segment, and there were different segment boundaries within the 64k address space you're referring to. Then yes, it wouldn't work, but the Z-80 didn't have that hardware capability so no worries lol.

          Being able to encrypt memory in different contexts is probably the biggest step in process and ring isolation since ring isolation. Oh no, I said ring... now I'm picturing green space al-Qaeda with hairy feet lol
          Last edited by linuxgeex; 09-04-2017, 03:51 PM.
