From: grarpamp
Date: Thu, 3 Oct 2019 03:48:08 -0400
Subject: AMD Secure Encrypted Virtualization - FreeBSD Status?
To: freebsd-security@freebsd.org
Cc: freebsd-current@freebsd.org, freebsd-virtualization@freebsd.org

https://developer.amd.com/sev/
https://github.com/AMDESE/AMDSEV
https://arstechnica.com/gadgets/2019/08/a-detailed-look-at-amds-new-epyc-rome-7nm-server-cpus/
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
https://libvirt.org/kbase/launch_security_sev.html

"AMD is also using its Secure Processor to enable a couple of key features that we believe aren't getting enough attention: Secure Memory Encryption and Secure Encrypted Virtualization. There's an AES-128 engine inside Epyc's memory controller, with the keys managed by the SEP. If SME is enabled in the system BIOS, all RAM in the system will be encrypted using a single key provided by the SEP and decrypted when requested by the CPU. Expanding upon SME, SEV allows guests' allocated RAM to be encrypted with individual keys, separate from the one used by the host operating system."
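As an added example, not part of grarpamp's mail nor of any FreeBSD or AMD code: a small C program that reads CPUID leaf 0x8000001F, the leaf on which AMD advertises SME and SEV, and decodes the fields a hypervisor needs before it can give each guest its own key (the C-bit position, the physical address bits the key consumes, how many guest keys the part supports). The bit layout follows the AMD64 Architecture Programmer's Manual; the register values used for checking are constructed, and the struct and function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif
/* Decoded CPUID leaf 0x8000001F, "Encrypted Memory Capabilities" (AMD64 APM Vol. 3). */
struct sev_caps {
    int sme;                       /* EAX bit 0: Secure Memory Encryption supported */
    int sev;                       /* EAX bit 1: Secure Encrypted Virtualization supported */
    int sev_es;                    /* EAX bit 3: SEV-ES, guest register state encrypted too */
    unsigned cbit;                 /* EBX[5:0]: page-table bit that marks a page as encrypted */
    unsigned phys_addr_reduction;  /* EBX[11:6]: physical address bits consumed by the key */
    uint32_t max_encrypted_guests; /* ECX: SEV guests (distinct keys) supported at once */
    uint32_t min_sev_asid;         /* EDX: lowest ASID usable by a non-ES SEV guest */
};

/* Pure decoder, kept separate so the bit layout can be checked on constructed values. */
struct sev_caps decode_sev_leaf(uint32_t eax, uint32_t ebx, uint32_t ecx, uint32_t edx)
{
    return (struct sev_caps){
        .sme = eax & 1, .sev = (eax >> 1) & 1, .sev_es = (eax >> 3) & 1,
        .cbit = ebx & 0x3f, .phys_addr_reduction = (ebx >> 6) & 0x3f,
        .max_encrypted_guests = ecx, .min_sev_asid = edx };
}
/* Query the running CPU: returns 1 and fills *out if the leaf exists, else 0 with *out zeroed.
 * CPUID says what the silicon can do; whether firmware enabled SME/SEV is a separate check. */
int read_sev_caps(struct sev_caps *out)
{
    memset(out, 0, sizeof *out);
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(0x8000001f, &eax, &ebx, &ecx, &edx))
        return 0;                  /* extended leaf absent (non-AMD or older CPU) */
    *out = decode_sev_leaf(eax, ebx, ecx, edx);
    return 1;
#else
    return 0;                      /* not an x86 build: nothing to query */
#endif
}
int main(void)
{
    struct sev_caps c;
    if (!read_sev_caps(&c)) { puts("CPUID leaf 0x8000001F absent: no SME/SEV on this CPU"); return 0; }
    printf("SME=%d SEV=%d SEV-ES=%d C-bit=%u addr-reduction=%u guests=%u min-ASID=%u\n",
           c.sme, c.sev, c.sev_es, c.cbit, c.phys_addr_reduction,
           (unsigned)c.max_encrypted_guests, (unsigned)c.min_sev_asid);
    return 0;
}
```

A non-zero SEV bit only means the CPU can do it; on a host where the BIOS has memory encryption off, the guest-launch path in the libvirt page above will still fail.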