Very cool indeed !
Carmen Vitullo

----- Original Message -----
From: "John McKown" <[email protected]>
To: [email protected]
Sent: Wednesday, May 9, 2018 8:29:14 AM
Subject: OT: AMD EPYC processor -- RAM encrypt/decrypt built in

This is interesting. Reminds me a bit of IBM's newest "Pervasive Encryption".

https://www.theregister.co.uk/2017/06/20/amd_epyc_launch/

There are three modes. The one that is really interesting is the SEV mode, designed to be used when running a hypervisor.

"Each VM is assigned an address space ID (ASID) as normal by the hypervisor, and this ID is tied to an encryption key held in the controller. When CPU core time is given to a virtual machine, the controller takes the VM's ASID, looks up its private key, and uses that for encrypting and decrypting all memory accesses on the fly. The hypervisor has its own ASID – zero – and can never see the keys. Thus not even a rogue or hijacked hypervisor can make sense of a virtual machine's contents, let alone any other software running in other VMs, because all the data will appear scrambled. The hypervisor and host operating system simply don't have the keys."

You simply cannot effectively read one VM's memory contents from a different VM. And you can't read data even if you have some sort of "rogue" PCIe card installed to "sniff" the PCIe bus because the data on the bus is encrypted.

--
We all have skeletons in our closet. Mine are so old, they have osteoporosis.
Maranatha! <><
John McKown

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
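An added example, not part of the thread above: a practitioner reading this would want to check whether a given EPYC host actually advertises SEV and how its ASID space is carved up, since the quoted article's "ASID 0 belongs to the hypervisor" rule is only half of it. The C program below decodes the AMD SEV/SME capability leaf (CPUID Fn8000_001F; bit positions per the AMD64 Architecture Programmer's Manual, Vol. 3) and classifies an ASID the same way the Linux KVM SEV code does: ASID 0 is the hypervisor, ASIDs below the EDX value are reserved for SEV-ES guests, ASIDs up to the ECX value are plain SEV guests, and anything above runs unencrypted. The SEV-ES and SEV-SNP bits matter because plain SEV encrypts guest memory only; register state and memory integrity are separate features. The register values in sample_caps() are constructed for illustration, not captured from real hardware; the live query runs only on x86 with a GCC-compatible compiler.

```c
/*
 * Added example (not from the mailing-list thread): decode CPUID Fn8000_001F
 * and classify guest ASIDs under AMD SEV. Bit layout follows the AMD64 APM
 * Vol. 3; ASID ranges follow the Linux KVM SEV interpretation.
 */
#include <stdint.h>
#include <stdio.h>

#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

struct sev_caps {
    int sme;                       /* EAX bit 0: Secure Memory Encryption (host) */
    int sev;                       /* EAX bit 1: Secure Encrypted Virtualization */
    int sev_es;                    /* EAX bit 3: SEV-ES, guest register state encrypted */
    int sev_snp;                   /* EAX bit 4: SEV-SNP, memory integrity protection */
    unsigned c_bit;                /* EBX[5:0]: physical address bit that marks a page encrypted */
    unsigned phys_addr_reduction;  /* EBX[11:6]: physical address bits given up for the C-bit */
    uint32_t max_sev_asid;         /* ECX: number of encrypted guests supported at once */
    uint32_t min_sev_asid;         /* EDX: lowest ASID usable by a plain (non-ES) SEV guest */
};

struct sev_caps decode_sev_caps(uint32_t eax, uint32_t ebx, uint32_t ecx, uint32_t edx)
{
    struct sev_caps c;
    c.sme     = (eax >> 0) & 1;
    c.sev     = (eax >> 1) & 1;
    c.sev_es  = (eax >> 3) & 1;
    c.sev_snp = (eax >> 4) & 1;
    c.c_bit   = ebx & 0x3f;
    c.phys_addr_reduction = (ebx >> 6) & 0x3f;
    c.max_sev_asid = ecx;
    c.min_sev_asid = edx;
    return c;
}

/* ASID 0 is the hypervisor and never maps to a guest key. [1, min_sev_asid)
 * is reserved for SEV-ES guests, [min_sev_asid, max_sev_asid] for plain SEV
 * guests; anything above max_sev_asid runs without memory encryption. */
enum asid_class { ASID_HYPERVISOR, ASID_SEV_ES, ASID_SEV, ASID_UNENCRYPTED };

enum asid_class classify_asid(const struct sev_caps *c, uint32_t asid)
{
    if (asid == 0) return ASID_HYPERVISOR;
    if (!c->sev || asid > c->max_sev_asid) return ASID_UNENCRYPTED;
    if (asid < c->min_sev_asid) return ASID_SEV_ES;
    return ASID_SEV;
}

/* Constructed sample (not real hardware): SME, SEV and SEV-ES present, no SNP,
 * C-bit 47, 5 address bits lost, 509 encrypted guests, non-ES ASIDs from 101. */
struct sev_caps sample_caps(void)
{
    uint32_t eax = (1u << 0) | (1u << 1) | (1u << 3);
    uint32_t ebx = 47u | (5u << 6);
    return decode_sev_caps(eax, ebx, 509u, 101u);
}

/* Live query. Returns 0 when the leaf is unavailable (non-x86 build, or the CPU's
 * maximum extended leaf is below 0x8000001F, as on Intel and older AMD parts). */
int query_live_sev_caps(struct sev_caps *out)
{
#if HAVE_CPUID
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(0x8000001Fu, &eax, &ebx, &ecx, &edx)) return 0;
    *out = decode_sev_caps(eax, ebx, ecx, edx);
    return 1;
#else
    (void)out;
    return 0;
#endif
}

static void print_caps(const char *label, const struct sev_caps *c)
{
    printf("%s: SME=%d SEV=%d SEV-ES=%d SEV-SNP=%d C-bit=%u addr-reduction=%u "
           "SEV ASIDs [%u..%u], SEV-ES ASIDs [1..%u]\n",
           label, c->sme, c->sev, c->sev_es, c->sev_snp, c->c_bit,
           c->phys_addr_reduction, c->min_sev_asid, c->max_sev_asid,
           c->min_sev_asid ? c->min_sev_asid - 1 : 0);
}

int main(void)
{
    struct sev_caps s = sample_caps();
    struct sev_caps live;
    print_caps("sample", &s);
    if (query_live_sev_caps(&live))
        print_caps("this CPU", &live);
    else
        printf("this CPU: CPUID leaf 0x8000001F not available, no SEV\n");
    return 0;
}
```

A SEV bit of 1 in EAX only says the CPU can do it; the firmware and the host kernel module (kvm_amd's sev parameter on Linux) must also enable it before any guest gets a non-zero encrypted ASID.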
