[RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
Huang, Kai
kai.huang at intel.com
Fri Dec 7 10:12:47 UTC 2018
On Thu, 2018-12-06 at 06:59 -0800, Dave Hansen wrote:
> On 12/6/18 3:22 AM, Kirill A. Shutemov wrote:
> > > When you say "disable encryption to a page" does the encryption get
> > > actually disabled or does the CPU just decrypt it transparently i.e.
> > > what happens physically?
> >
> > Yes, it gets disabled. Physically. It overrides TME encryption.
>
> I know MKTME itself has a runtime overhead and we expect it to have a
> performance impact in the low single digits. Does TME have that
> overhead? Presumably MKTME plus no-encryption is not expected to have
> the overhead.
>
> We should probably mention that in the changelogs too.
>
I believe in terms of hardware crypto overhead MKTME and TME should have the same (except MKTME no-
encrypt case?). But MKTME might have additional overhead from software implementation in kernel?
Thanks,
-Kai
More information about the Linux-security-module-archive
mailing list