The Linux State Of AMD's Zen x86 Memory Encryption

I wrote about Linux patches for AMD memory encryption earlier this year, and since then more information has come to light. At last month's Linux Security Summit, David Kaplan presented on these technologies coming with Zen; I only came across the slide deck for this presentation today.
The technologies come down to Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV). SME provides memory encryption on a per-page-table basis using AMD's ARM-based security co-processor. AMD SME + SEV are designed to defend against both user-access attacks and physical-access attacks, with a particular focus on VM / hypervisor security.
While there are open-source kernel patches for supporting these memory encryption technologies, the slides confirm that AMD's Secure Processor firmware is not going to be open-source but rather a binary blob distributed with AGESA.
Those interested in this forthcoming AMD memory security technology from the Linux perspective can see this PDF slide deck.