[RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
Sakkinen, Jarkko
jarkko.sakkinen at intel.com
Sat Dec 8 03:53:50 UTC 2018
On Sat, 2018-12-08 at 09:33 +0800, Huang, Kai wrote:
> Currently there's no nonce to protect cache line so TME/MKTME is not able to
> prevent replay attack
> you mentioned. Currently MKTME only involves AES-XTS-128 encryption but
> nothing else. But like I
> said if I understand correctly even SEV doesn't have integrity protection so
> not able to prevent
> reply attack as well.
You're absolutely correct.
There's a also good paper on SEV subvertion:
https://arxiv.org/pdf/1805.09604.pdf
I don't think this makes MKTME or SEV uselss, but yeah, it is a
constraint that needs to be taken into consideration when finding the
best way to use these technologies in Linux.
/Jarkko
More information about the Linux-security-module-archive
mailing list