Linux 5.14 Can Create Secret Memory Areas With memfd_secret

Written by Michael Larabel in Linux Kernel on 11 July 2021 at 09:53 AM EDT.
The "memfd_secret" system call is being added to the Linux 5.14 kernel to provide the ability to create memory areas that are visible only in the context of the owning process; these "secret" memory regions are not mapped by other processes or in the kernel page tables.

This work originated with the proposed secretmemfd work for secret memory on Linux and, over the past year as memfd_secret, it has been through many rounds of review. The intended use-case for these secret memory areas is storing data like OpenSSL private keys within them, to reduce the possibility that they are exposed in system memory when they cannot be protected by the hardware encryption methods available on modern hardware.

Using memfd_secret means the memory areas are mapped only in the page tables of the processes that have access to the owning file descriptor and are unmapped from the kernel direct map.

Access to memfd_secret is disabled by default; enabling this secret memory functionality requires booting the kernel with the secretmem_enable boot-time option.
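As an added example (not code from the article or from the kernel patches themselves), a small C program that obtains a secret region through the raw system call, writes a constructed stand-in for a private key into it, and wipes and unmaps it afterwards. It assumes the generic syscall number 447 where the libc headers do not define `__NR_memfd_secret`, and it reports the failure modes a caller must expect: ENOSYS on an older kernel or one booted without the secret memory option (`secretmem.enable=1`), and EAGAIN/ENOMEM when the locked-memory limit is exhausted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_memfd_secret
#define __NR_memfd_secret 447 /* generic table and x86_64 number since Linux 5.14 */
#endif

/* Outcome of a secret allocation: addr/len on success, an errno value in err on failure. */
struct secret_buf { void *addr; size_t len; int err; };

/* Allocate `len` bytes that are mapped only in this process's page tables and removed
 * from the kernel direct map. ENOSYS means no memfd_secret (pre-5.14 kernel or booted
 * without secretmem.enable=1); EAGAIN/ENOMEM means RLIMIT_MEMLOCK is exhausted. */
struct secret_buf secret_alloc(size_t len)
{
    struct secret_buf b = { NULL, 0, 0 };
    int fd = (int)syscall(__NR_memfd_secret, O_CLOEXEC); /* the only flag 5.14 accepts */
    if (fd < 0) { b.err = errno; return b; }
    if (ftruncate(fd, (off_t)len) < 0) { b.err = errno; close(fd); return b; }
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); /* MAP_SHARED required */
    close(fd);                      /* the mapping keeps the secret region alive */
    if (p == MAP_FAILED) { b.err = errno; return b; }
    b.addr = p; b.len = len;
    return b;
}

/* Zero the secret with volatile stores (so the compiler cannot elide them), then unmap. */
int secret_free(struct secret_buf *b)
{
    if (!b->addr) return -1;
    volatile unsigned char *v = b->addr;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    int rc = munmap(b->addr, b->len);
    b->addr = NULL; b->len = 0;
    return rc;
}

int main(void)
{
    struct secret_buf b = secret_alloc(4096);
    if (!b.addr) { fprintf(stderr, "memfd_secret unavailable: %s\n", strerror(b.err)); return 1; }
    memcpy(b.addr, "constructed-sample-key", 23); /* constructed stand-in for real key material */
    return secret_free(&b);
}
```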

The memfd_secret support for Linux 5.14 was merged on Friday as part of Andrew Morton's patches. The secret memory patches were created by IBM's Mike Rapoport.