From: grarpamp
Date: Mon, 7 Oct 2019 01:02:09 -0400
Subject: Re: AMD Secure Encrypted Virtualization - FreeBSD Status?
To: freebsd-security@freebsd.org
Cc: freebsd-current@freebsd.org, freebsd-virtualization@freebsd.org

Although somewhat different from the virtualization part of the subject, both...

- AMD (Secure Memory Encryption, and Memory Guard) on both EPYC and Ryzen Pro today
and
- Intel (Multi Key Total Memory Encryption) likely on Xeon in the near future

... also do seem to have some OS dependent bits that would be needing configuration and awareness.

You can search them both.
This is one of Intel's papers on its version of memory encryption...

https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf