Re: [PATCH v9 00/38] x86: Secure Memory Encryption (AMD)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Tom Lendacky <thomas.lendacky@xxxxxxx> wrote:

> This patch series provides support for AMD's new Secure Memory Encryption (SME)
> feature.

I'm wondering, what's the typical performance hit to DRAM access latency when SME 
is enabled?

On that same note, if the performance hit is noticeable I'd expect SME to not be 
enabled in native kernels typically - but still it looks like a useful hardware 
feature. Since it's controlled at the page table level, have you considered 
allowing SME-activated vmas via mmap(), even on kernels that are otherwise not 
using encrypted DRAM?

One would think that putting encryption keys into such encrypted RAM regions would 
generally improve robustness against various physical space attacks that want to 
extract keys but don't have full control of the CPU.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux