> I strongly suspect that, on L1TF-vulnerable CPUs, MKTME provides no > protection whatsoever. It sounds like MKTME is implemented in the > memory controller -- as far as the rest of the CPU and the cache hierarchy > are concerned, the MKTME key selction bits are just part of the physical > address. So an attack like L1TF that leaks a cacheline that's selected by > physical address will leak the cleartext if the key selection bits are set > correctly. Right. MKTME doesn't prevent cache based attack. Data in cache is in clear. Thanks, -Kai
