Re: [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas
From: Florian Weimer
Date: Wed Aug 26 2020 - 15:01:44 EST
* Andy Lutomirski:
>> I _believe_ there are also things like AES-NI that can get strong
>> protection from stuff like this. They load encryption keys into (AVX)
>> registers and then can do encrypt/decrypt operations without the keys
>> leaving the registers. If the key was loaded from a secret memory area
>> right into the registers, I think the protection from cache attacks
>> would be pretty strong.
>
> Except for context switches :)
An rseq sequence could request that the AVX registers should be
cleared on context switch. (I'm mostly kidding.)
I think the main issue is that we do not have a good established
programming model to actually use such features and completely avoid
making copies of secret data.