[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Enable Secure Memory Encryption (SME) - kernel parameter mem_encrypt - by default?

AMD CPU part:

https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html

    mem_encrypt=    [X86-64] AMD Secure Memory Encryption (SME) control
                    Valid arguments: on, off
                    Default (depends on kernel configuration option):
                      on  (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y)
                      off (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=n)
                    mem_encrypt=on:         Activate SME
                    mem_encrypt=off:        Do not activate SME

                    Refer to Documentation/virt/kvm/amd-memory-encryption.rst
                    for details on when memory encryption can be activated.

https://www.kernel.org/doc/Documentation/virt/kvm/amd-memory-encryption.rst

Should we enable this by default in package security-misc?


Intel CPU:

What would be the Intel equivalent? Intel MKTME? But that doesn’t seem ready at time of writing?


Does this help to defeat cold boot attacks?

Related:
Is RAM Wipe possible inside Whonix? Cold Boot Attack Defense

1 Like

No, the current implementation in the kernel is incomplete/buggy and it can prevent some devices from booting.

Kinda. The attacker can siphon the encryption keys out of the CPU or dump the memory before it’s encrypted but that would be hard. If they can’t do either of those though, memory would be remain encrypted to the attacker, thus defeating a cold boot attack.

2 Likes

madaidan via Whonix Forum:

No, the current implementation in the kernel is incomplete/buggy and it can prevent some devices from booting.

https://github.com/anthraxx/linux-hardened/issues/16

Agreed. Glad you brought that up.

Kinda. The attacker can siphon the encryption keys out of the CPU or dump the memory before it’s encrypted but that would be hard. If they can’t do either of those though, memory would be remain encrypted to the attacker, thus defeating a cold boot attack.

I haven’t seen any reports of anyone dissecting any modern CPU and
extracting data from in. In theory, of course, it’s conceivable. I guess
that was the idea of https://en.wikipedia.org/wiki/TRESOR - RAM was
vulnerable to information disclosure but for CPU’s nobody announced
managing that yet.

Indeed, encrypting RAM is nice and we should enable it if there were no
major downsides such as the ones linked above, but wiping RAM is better.
Should do both if possible.

2 Likes
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]