Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Intel Engineer Proposes Software-Based KVM Protected Memory Extension

Written by Michael Larabel in Virtualization on 24 May 2020 at 09:00 AM EDT. 8 Comments

VIRTUALIZATION

While modern AMD EPYC CPUs support Secure Encrypted Virtualization (SEV) and Intel more recently has been working on MKTME for similarly offering hardware-backed total memory encryption, an Intel open-source engineer has now proposed a software-based solution for protected memory support for KVM virtualization.

The proposed KVM protected memory extension is a software-based solution for protecting guest memory from unauthorized host access, at least in partial form. This prevents the host kernel from accidentally leaking guest data, host user-space access to guest data, and similar solutions. But unlike Intel MKTME and AMD SEV, this does not provide full protection against the host kernel being compromised or hardware-based attacks.

Basically this KVM protected memory extension would offer some additional safeguards in a virtualized environment but not as thorough as the modern hardware-based protections.

Currently this KVM extension is being proposed under a "request for comments" flag and the patches knowingly need further improvement before any potential mainlining. More details on this security proposal via this kernel mailing list thread by Intel's Kirill Shutemov.

8 Comments

Related News

Cloud Hypervisor 39 Adds NVIDIA GPUDirect P2P Support

QEMU 9.0 Released WIth True Multi-Queue Support For VirtIO Block Driver

CoCo VMs On Linux Will Now Panic If RdRand Is Broken To Avoid Catastrophic Conditions

More Efficient VirtIO DRM Driver To Import Scanout Buffers From Other Devices

KVM Virtualization With Linux 6.9 Brings More Optimizations For Intel & AMD

LXD 5.21 LTS Released With UI By Default, AMD SEV Memory Encryption For VMs

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Fedora Linux 40 Available For Download As A Wonderful Upgrade

AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"

Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries

Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"

GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance

Systemd 256-rc1 Brings A Huge Number Of New Features

Godot's Vulkan Backend Seeing Better Performance, 10~20% Reduction In Frame Times

NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver