[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v9 00/38] x86: Secure Memory Encryption (AMD)

To: Tom Lendacky <thomas.lendacky@xxxxxxx>
From: Ingo Molnar <mingo@xxxxxxxxxx>
Date: Sat, 8 Jul 2017 11:24:26 +0200
Cc: linux-efi@xxxxxxxxxxxxxxx, Brijesh Singh <brijesh.singh@xxxxxxx>, Toshimitsu Kani <toshi.kani@xxxxxxx>, linux-doc@xxxxxxxxxxxxxxx, Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>, x86@xxxxxxxxxx, linux-mm@xxxxxxxxx, Radim Krčmář <rkrcmar@xxxxxxxxxx>, Alexander Potapenko <glider@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Larry Woodman <lwoodman@xxxxxxxxxx>, linux-arch@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, Jonathan Corbet <corbet@xxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, kasan-dev@xxxxxxxxxxxxxxxx, Ingo Molnar <mingo@xxxxxxxxxx>, Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>, Dave Young <dyoung@xxxxxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Dmitry Vyukov <dvyukov@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, kexec@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>
Delivery-date: Sat, 08 Jul 2017 09:24:41 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

* Tom Lendacky <thomas.lendacky@xxxxxxx> wrote:

> This patch series provides support for AMD's new Secure Memory Encryption 
> (SME)
> feature.

I'm wondering, what's the typical performance hit to DRAM access latency when 
SME 
is enabled?

On that same note, if the performance hit is noticeable I'd expect SME to not 
be 
enabled in native kernels typically - but still it looks like a useful hardware 
feature. Since it's controlled at the page table level, have you considered 
allowing SME-activated vmas via mmap(), even on kernels that are otherwise not 
using encrypted DRAM?

One would think that putting encryption keys into such encrypted RAM regions 
would 
generally improve robustness against various physical space attacks that want 
to 
extract keys but don't have full control of the CPU.

Thanks,

        Ingo

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v9 00/38] x86: Secure Memory Encryption (AMD)
  - From: Tom Lendacky

References:
- [Xen-devel] [PATCH v9 00/38] x86: Secure Memory Encryption (AMD)
  - From: Tom Lendacky

Prev by Date: [Xen-devel] [PATCH v1] xen/grant-table: log the lack of grants
Next by Date: [Xen-devel] [linux-linus bisection] complete test-amd64-amd64-libvirt-pair
Previous by thread: [Xen-devel] [PATCH v9 38/38] x86/mm: Add support to make use of Secure Memory Encryption
Next by thread: Re: [Xen-devel] [PATCH v9 00/38] x86: Secure Memory Encryption (AMD)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.