lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 8 Jul 2017 11:24:26 +0200 From: Ingo Molnar <mingo@...nel.org> To: Tom Lendacky <thomas.lendacky@....com> Cc: linux-arch@...r.kernel.org, linux-efi@...r.kernel.org, kvm@...r.kernel.org, linux-doc@...r.kernel.org, x86@...nel.org, kexec@...ts.infradead.org, linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com, xen-devel@...ts.xen.org, linux-mm@...ck.org, iommu@...ts.linux-foundation.org, Brijesh Singh <brijesh.singh@....com>, Toshimitsu Kani <toshi.kani@....com>, Radim Krčmář <rkrcmar@...hat.com>, Matt Fleming <matt@...eblueprint.co.uk>, Alexander Potapenko <glider@...gle.com>, "H. Peter Anvin" <hpa@...or.com>, Larry Woodman <lwoodman@...hat.com>, Jonathan Corbet <corbet@....net>, Joerg Roedel <joro@...tes.org>, "Michael S. Tsirkin" <mst@...hat.com>, Ingo Molnar <mingo@...hat.com>, Andrey Ryabinin <aryabinin@...tuozzo.com>, Dave Young <dyoung@...hat.com>, Rik van Riel <riel@...hat.com>, Arnd Bergmann <arnd@...db.de>, Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Borislav Petkov <bp@...en8.de>, Andy Lutomirski <luto@...nel.org>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, Dmitry Vyukov <dvyukov@...gle.com>, Juergen Gross <jgross@...e.com>, Thomas Gleixner <tglx@...utronix.de>, Paolo Bonzini <pbonzini@...hat.com> Subject: Re: [PATCH v9 00/38] x86: Secure Memory Encryption (AMD) * Tom Lendacky <thomas.lendacky@....com> wrote: > This patch series provides support for AMD's new Secure Memory Encryption (SME) > feature. I'm wondering, what's the typical performance hit to DRAM access latency when SME is enabled? On that same note, if the performance hit is noticeable I'd expect SME to not be enabled in native kernels typically - but still it looks like a useful hardware feature. Since it's controlled at the page table level, have you considered allowing SME-activated vmas via mmap(), even on kernels that are otherwise not using encrypted DRAM? One would think that putting encryption keys into such encrypted RAM regions would generally improve robustness against various physical space attacks that want to extract keys but don't have full control of the CPU. Thanks, Ingo
Powered by blists - more mailing lists