|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2019-01-18 16:30:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] A proposed API for full-memory encryption
Hardware memory encryption is, or will soon be, available on multiple
generic CPUs. In its absence, data is stored — and passes between the
memory chips and the processor — in the clear. Attackers may be able to
access it by using hardware probes or by directly accessing the chips, which is
especially problematic with persistent memory. One new memory-encryption
offering is Intel's Multi-Key
Total Memory Encryption (MKTME) [PDF]; AMD's equivalent is called Secure Encrypted Virtualization
(SEV). The implementation of support for this
feature is in progress for the Linux kernel. Recently, Alison Schofield proposed a user-space API for MKTME, provoking
a long discussion on how memory encryption should be
exposed to the user, if at all.
Hardware memory encryption is, or will soon be, available on multiple
generic CPUs. In its absence, data is stored — and passes between the
memory chips and the processor — in the clear. Attackers may be able to
access it by using hardware probes or by directly accessing the chips, which is
especially problematic with persistent memory. One new memory-encryption
offering is Intel's Multi-Key
Total Memory Encryption (MKTME) [PDF]; AMD's equivalent is called Secure Encrypted Virtualization
(SEV). The implementation of support for this
feature is in progress for the Linux kernel. Recently, Alison Schofield proposed a user-space API for MKTME, provoking
a long discussion on how memory encryption should be
exposed to the user, if at all.
