[RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)

Dave Hansen dave.hansen at intel.com
Thu Dec 6 14:59:10 UTC 2018


On 12/6/18 3:22 AM, Kirill A. Shutemov wrote:
>> When you say "disable encryption to a page" does the encryption get
>> actually disabled or does the CPU just decrypt it transparently i.e.
>> what happens physically?
> Yes, it gets disabled. Physically. It overrides TME encryption.

I know MKTME itself has a runtime overhead and we expect it to have a
performance impact in the low single digits.  Does TME have that
overhead?  Presumably MKTME plus no-encryption is not expected to have
the overhead.

We should probably mention that in the changelogs too.



More information about the Linux-security-module-archive mailing list