Re: [RFC PATCH v1 00/18] x86: Secure Memory Encryption (AMD)
From: Pavel Machek
Date: Wed Apr 27 2016 - 11:48:09 EST
On Wed 2016-04-27 16:39:51, Borislav Petkov wrote:
> On Wed, Apr 27, 2016 at 04:30:45PM +0200, Pavel Machek wrote:
> > That does not answer the question. "Why would I want SME on my
> > system?".
>
> Because your question wasn't formulated properly. Here's some text from
> the 0th mail which you could've found on your own:
>
> "The following links provide additional detail:
>
> AMD Memory Encryption whitepaper:
> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
> "
Unfortunately that document is marketing junk.
AFAICT:
SME can protect against cold boot attack and snooping at DRAM
level. That's pretty much it.
Does the AES encryption take the address as a parameter?
SEV may protect against passive attack on the VM. For active attack,
they claim it will "probably" crash the VM, but we already know that
is untrue, see the work on gaining root using rowhammer. In this case,
attacker can choose which address to damage and has precise control of
timing.
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html