AMD "Trusted Memory Zone" Encrypted vRAM Support Coming To Their Linux GPU Driver
Trusted Memory Zone (TMZ) support appears to be present going back to the original Vega graphics processors, but this is the first time we're seeing it implemented on the Linux side. Trusted Memory Zone protects the contents of TMZ'ed pages from being read by CPU (non-GPU) clients and fends off writes to the protected pages. AMD TMZ support is being used to offer secure buffer object support on Linux.
The Linux kernel driver will expose buffer object level protection and expose a new "encrypted" flag to user-space with the GEM memory management ioctl for allocating memory with the secure buffer TMZ bit in the PTE set. Only trusted blocks within the GPU (graphics, SDMA, VCN engines) are able to decrypt the encrypted data. Volleyed today were the AMDGPU kernel driver patches for this Trusted Memory Zone support while the user-space libdrm patches and the rest are coming.
The kernel portion is up for review here. Ultimately the support will be available out-of-the-box on supported GPUs, but for now it's hidden behind the amdgpu.tmz= module parameter until the support is completely baked. Due to the timing, the AMD TMZ support will land in Linux 5.5 at the earliest.