On Wed 2016-04-27 16:39:51, Borislav Petkov wrote:
> On Wed, Apr 27, 2016 at 04:30:45PM +0200, Pavel Machek wrote:
> > That does not answer the question. "Why would I want SME on my
> > system?".
>
> Because your question wasn't formulated properly. Here's some text from
> the 0th mail which you could've found on your own:
>
> "The following links provide additional detail:
>
> AMD Memory Encryption whitepaper:
> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
> "

Unfortunately that document is marketing junk.

AFAICT:

SME can protect against cold boot attack and snooping at DRAM level. That's pretty much it.

Does the AES encryption take the address as a parameter?

SEV may protect against passive attack on the VM. For active attack, they claim it will "probably" crash the VM, but we already know that is untrue, see the work on gaining root using rowhammer. In this case, attacker can choose which address to damage and has precise control of timing.

Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html