On 7/8/2017 4:24 AM, Ingo Molnar wrote: > > * Tom Lendacky <thomas.lendacky at amd.com> wrote: > >> This patch series provides support for AMD's new Secure Memory Encryption (SME) >> feature. > > I'm wondering, what's the typical performance hit to DRAM access latency when SME > is enabled? It's about an extra 10 cycles of DRAM latency when performing an encryption or decryption operation. > > On that same note, if the performance hit is noticeable I'd expect SME to not be > enabled in native kernels typically - but still it looks like a useful hardware In some internal testing we've seen about 1.5% or less reduction in performance. Of course it all depends on the workload: the number of memory accesses, cache friendliness, etc. > feature. Since it's controlled at the page table level, have you considered > allowing SME-activated vmas via mmap(), even on kernels that are otherwise not > using encrypted DRAM? That is definitely something to consider as an additional SME-related feature and something I can look into after this. Thanks, Tom > > One would think that putting encryption keys into such encrypted RAM regions would > generally improve robustness against various physical space attacks that want to > extract keys but don't have full control of the CPU. > > Thanks, > > Ingo >
