The Linux State Of AMD's Zen x86 Memory Encryption

Written by Michael Larabel in AMD on 26 September 2016 at 07:21 PM EDT. 19 Comments
AMD
With AMD's forthcoming Zen processors is support for some new memory encryption technologies that are of particular benefit for virtualized environments.

I wrote about Linux patches for AMD memory encryption earlier this year while since then more information has come to light. At last month's Linux Security Summit, David Kaplan presented on these technologies coming with Zen; only today I had come across the slide deck for this presentation.

The technologies come down to Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV). SME provides memory encryption on a per-page-table basis using AMD's ARM-based security co-processor. AMD SME + SEV are designed against both user-access attacks and physical access attacks with a particular focus on VM / hypervisor security.

While there are the open-source kernel patches for supporting these memory encryption technologies, the slides confirm that AMD's Secure Processor firmware is not going to be open-source but rather a binary blob distributed with AGESA.

Those interested in this forthcoming AMD memory security technology from the Linux perspective can see this PDF slide deck.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week