Linux Kernel Seeing Work To Implement MEMFD "Secret Memory Areas"

Written by Michael Larabel in Linux Kernel on 12 February 2020 at 02:00 AM EST. 19 Comments
There is experimental work pending that plumbs support into MEMFD for creating "secret" memory areas. This secret memory support would then be exposed to user-space for different use-cases.

This MEMFD "secret memory" support is about allowing memfd_create() to create memory areas from user-space only visible in the context of the owning process and is not mapped for other processes nor the kernel page tables. After using a new secret flag for memfd_create, the developer can then use an ioctl on the file descriptor to specify the desired protection mode.

This work is being led by IBM engineer Mike Rapoport who last year originally proposed a "MAP_EXCLUSIVE" flag for the Linux kernel memory management code to allow mappings that are visible only to the owning process. This secret memory support for memfd_create is an evolution to the same concept.

One of the intended use-case features for the secret memory areas would be wiring it up for OpenSSL's existing secure heap feature that can be used for storing private keys in more protected memory areas along with similar possibilities in other applications.

More details on this experimental "secret memory" support via this kernel mailing list patch.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week