On Sat, 2018-12-08 at 09:33 +0800, Huang, Kai wrote: > Currently there's no nonce to protect cache line so TME/MKTME is not able to > prevent replay attack > you mentioned. Currently MKTME only involves AES-XTS-128 encryption but > nothing else. But like I > said if I understand correctly even SEV doesn't have integrity protection so > not able to prevent > reply attack as well. You're absolutely correct. There's a also good paper on SEV subvertion: https://arxiv.org/pdf/1805.09604.pdf I don't think this makes MKTME or SEV uselss, but yeah, it is a constraint that needs to be taken into consideration when finding the best way to use these technologies in Linux. /Jarkko
