Date:      Mon, 25 Jan 2021 03:55:45 -0500
From:      grarpamp <grarpamp@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: AMD's memory encryption (aka SME)
Message-ID:  <CAD2Ti2_3q6k2g1twH4-R3W0gCbjUxYuFBYT0PMFR9NYVB3xyEg@mail.gmail.com>
In-Reply-To: <rtf6no$r1u$1@ciao.gmane.io>
References:  <rtf6no$r1u$1@ciao.gmane.io>

> does anyone have an opinion on AMD's "Secure Memory Encryption"? This
> transparently encrypts all/most RAM pages.
> Looking at some tech docs, this seems fairly easy to implement.
> I was wondering if someone has attempted that already, or knows of
> reasons why not to.

Consider applications to rowhammer, cold boot attacks, shared
hosting, VM, poison, etc... there are papers on some use cases.
AMD SME has some different levels, with EPYC being full
featured, TR and PRO differently, then even consumer CPU last.
FreeBSD should also implement sysctl that writes random
to all memory (even over kernel) just before halt / reboot call.
Similar for unallocated upon sleep, upon alloc release,
and as background scrub.
User can already choose random upon alloc with malloc.conf
but that is different than above.
Also: memtest86[+] integration.
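
An added example, not part of the original message: one way to see which encrypted-memory features a given part reports is to decode CPUID leaf 0x8000001F. The struct and function names are hypothetical, and the register values used to exercise the decoder are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang helper; assumed toolchain */
#endif

/* Fields of CPUID leaf 0x8000001F (AMD encrypted-memory capabilities). */
struct sme_caps {
    int sme;            /* EAX bit 0: Secure Memory Encryption */
    int sev;            /* EAX bit 1: Secure Encrypted Virtualization */
    int sev_es;         /* EAX bit 3: SEV Encrypted State */
    unsigned c_bit;     /* EBX[5:0]: page-table bit marking a page encrypted */
    unsigned pa_reduce; /* EBX[11:6]: physical address bits lost when enabled */
};

/* Pure decoder, so it also works on register values captured elsewhere. */
struct sme_caps decode_sme_leaf(uint32_t eax, uint32_t ebx)
{
    struct sme_caps c;
    c.sme = (eax >> 0) & 1;
    c.sev = (eax >> 1) & 1;
    c.sev_es = (eax >> 3) & 1;
    c.c_bit = ebx & 0x3F;
    c.pa_reduce = (ebx >> 6) & 0x3F;
    return c;
}

/* Returns 1 and fills *out if the running CPU exposes the leaf, else 0.
 * This is capability only: whether firmware actually enabled SME is a
 * separate setting that CPUID does not show. */
int query_sme_caps(struct sme_caps *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(0x8000001F, &a, &b, &c, &d))
        return 0;               /* leaf above the CPU's maximum */
    *out = decode_sme_leaf(a, b);
    return 1;
#else
    (void)out;
    return 0;
#endif
}

int main(void)
{
    struct sme_caps c;
    if (!query_sme_caps(&c)) { puts("leaf 0x8000001F not available"); return 0; }
    printf("SME=%d SEV=%d SEV-ES=%d C-bit=%u PA-reduction=%u\n",
           c.sme, c.sev, c.sev_es, c.c_bit, c.pa_reduce);
    return 0;
}
```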


