Closed bronzeMe closed 1 month ago
Hi @bronzeMe, thanks for your interest in HyperEnclave!
Intel's MKTME is a memory encryption feature similar to AMD's SME. HyperEnclave functions in a similar manner under Intel's MKTME. The HyperEnclave equipped with MKTME is still in the process of being developed, so we have not released it yet.
Thank you, @Bonjourz. So, when HyperEnclave runs on an Intel CPU, how does it encrypt/decrypt the memory transparently?
Under Intel's MKTME, HyperEnclave configures the encryption by setting the upper bits of the physical address field in the PTE, which is used by secure world software.
Refer to https://software.intel.com/content/dam/develop/external/us/en/documents-tps/multi-key-total-memory-encryption-spec.pdf for more details.
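The KeyID encoding described in the answer above, as an added example that is not part of the thread and is not HyperEnclave's code. It assumes the KeyID occupies the top `keyid_bits` bits below MAXPHYADDR, as in Intel's MKTME specification; `MktmeLayout` and its methods are hypothetical names, and both hardware values are passed in rather than read from the CPU.

```rust
/// Position of the MKTME KeyID field inside a 64-bit page-table entry.
/// Assumption: on real hardware `maxphyaddr` comes from CPUID.80000008H:EAX[7:0]
/// and `keyid_bits` from IA32_TME_ACTIVATE[35:32]; here they are parameters.
pub struct MktmeLayout { maxphyaddr: u32, keyid_bits: u32 }

const LOW12: u64 = 0xfff; // page offset / low PTE flag bits

impl MktmeLayout {
    pub fn new(maxphyaddr: u32, keyid_bits: u32) -> Option<Self> {
        // x86-64 caps MAXPHYADDR at 52; at least one frame bit must remain.
        if maxphyaddr > 52 || keyid_bits == 0 || keyid_bits + 12 >= maxphyaddr {
            return None;
        }
        Some(Self { maxphyaddr, keyid_bits })
    }
    fn shift(&self) -> u32 { self.maxphyaddr - self.keyid_bits }
    /// PTE bits that select the encryption key.
    pub fn keyid_mask(&self) -> u64 { ((1u64 << self.keyid_bits) - 1) << self.shift() }
    /// PTE bits left for the real page-frame address.
    pub fn addr_mask(&self) -> u64 { ((1u64 << self.shift()) - 1) & !LOW12 }

    /// Build a PTE for `paddr` encrypted under `keyid`.
    /// Rejects an address that reaches into the KeyID field: accepting it
    /// would silently map the page under a different key.
    pub fn make_pte(&self, paddr: u64, keyid: u64, flags: u64) -> Option<u64> {
        if paddr & !self.addr_mask() != 0 { return None; } // unaligned or aliases KeyID bits
        if keyid >> self.keyid_bits != 0 { return None; }  // KeyID does not fit the field
        if flags & !LOW12 != 0 { return None; }            // this sketch allows low flag bits only
        Some(paddr | (keyid << self.shift()) | flags)
    }
    pub fn keyid_of(&self, pte: u64) -> u64 { (pte & self.keyid_mask()) >> self.shift() }
    pub fn paddr_of(&self, pte: u64) -> u64 { pte & self.addr_mask() }
}

fn main() {
    // Constructed values: 46 physical address bits, 6 of them used as KeyID.
    let l = MktmeLayout::new(46, 6).expect("valid layout");
    let pte = l.make_pte(0x1234_5000, 3, 0x3).expect("valid mapping");
    println!("pte={:#018x} keyid={} paddr={:#x}", pte, l.keyid_of(pte), l.paddr_of(pte));
    println!("aliasing address rejected: {}", l.make_pte(1 << 40, 1, 0x3).is_none());
}
```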
In the paper, "To thwart physical memory attacks, such as cold boot and bus snooping attacks, HyperEnclave may leverage hardware memory encryption (such as AMD SME [44] and Intel MKTME [42]) to encrypt partial physical memory at the page granularity"
In the current implementation, it seems that only AMD SME is used to conduct memory encryption. How does memory encryption work when running on an Intel CPU? We didn’t see the use of Intel MKTME in the source code.
Thanks.