[PATCH v9 00/38] x86: Secure Memory Encryption (AMD)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 7/8/2017 4:24 AM, Ingo Molnar wrote:
> 
> * Tom Lendacky <thomas.lendacky at amd.com> wrote:
> 
>> This patch series provides support for AMD's new Secure Memory Encryption (SME)
>> feature.
> 
> I'm wondering, what's the typical performance hit to DRAM access latency when SME
> is enabled?

It's about an extra 10 cycles of DRAM latency when performing an
encryption or decryption operation.

> 
> On that same note, if the performance hit is noticeable I'd expect SME to not be
> enabled in native kernels typically - but still it looks like a useful hardware

In some internal testing we've seen about 1.5% or less reduction in
performance. Of course it all depends on the workload: the number of
memory accesses, cache friendliness, etc.

> feature. Since it's controlled at the page table level, have you considered
> allowing SME-activated vmas via mmap(), even on kernels that are otherwise not
> using encrypted DRAM?

That is definitely something to consider as an additional SME-related
feature and something I can look into after this.

Thanks,
Tom

> 
> One would think that putting encryption keys into such encrypted RAM regions would
> generally improve robustness against various physical space attacks that want to
> extract keys but don't have full control of the CPU.
> 
> Thanks,
> 
> 	Ingo
> 



[Index of Archives]     [LM Sensors]     [Linux Sound]     [ALSA Users]     [ALSA Devel]     [Linux Audio Users]     [Linux Media]     [Kernel]     [Gimp]     [Yosemite News]     [Linux Media]

  Powered by Linux