Intel Continues Prepping PKS For The Linux Kernel (Protection Keys for Supervisor)

Written by Michael Larabel in Intel on 11 October 2020 at 12:09 AM EDT. 1 Comment
INTEL
Intel engineers continue working on "Protection Keys for Supervisor" support for the Linux kernel as a feature coming to a future generation of processors (presumably Sapphire Rapids). The initial users of this PKS support will be helping to protect persistent memory as well as adding safeguards to Trusted Keys within the Linux kernel.

Protection Keys for Supervisor (PKS) is akin memory protection keys (PKU / PKEYs) that has been supported since 1st Gen Xeon Scalable processors while the "supervisor" focus is in reference to the elevated ring with the kernel. The PKS support will presumably be Sapphire Rapids, based on the recent bring-up of other features coming to that Ice Lake Xeon successor due out around the end of 2021.

Linux for quite some time now has implemented PKU support for memory protection keys while the PKS kernel infrastructure has been coming about along with initial use-cases since the original "request for comments" patches back during the summer months.

There has been the core PKS code for the Linux kernel to serve as a new page protection mechanism for supervisor pages. The PKS functionality is similar to PKU besides the supervisor mode aspect.

The initial use-case for PKS in the Linux kernel has been a PMEM implementation for helping to prevent stray writes to persistent memory. Given that writing to wrong areas of persistent memory could yield latency data corruption, PKS could help in this area

The other new area being explored for PKS is protecting kernel Trusted Keys to help prevent them from potentially being leaked by further restricting access with this hardware security feature.

So all that code is moving along and working its way towards the mainline kernel albeit not coming with the imminent Linux 5.10 cycle. The patches don't provide any further indication as to when the PKS support will be added to Intel CPUs, but given the timing is likely for Sapphire Rapids otherwise early work towards Granite Rapids. We'll see what other PKS use-cases come up in the months ahead.
1 Comment
Related News
Intel Releases OpenVINO 2024.1 With More Gen AI & LLM Features
Intel ANV Vulkan Driver Enables VK_KHR_shader_float_controls2
Intel Has Many Improvements For The Xe Graphics Driver In Linux 6.10
Intel Enabling Linux Driver Display Support For Upcoming "Battlemage" GPUs
Intel Media Driver 2024Q1 Brings Arrow Lake H Support
Intel Compute Runtime 24.13.29138.7 Brings Improved OpenCL/OpenGL Sharing
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Fedora Linux 40 Available For Download As A Wonderful Upgrade
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"