[RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
Huang, Kai
kai.huang at intel.com
Wed Dec 12 23:24:17 UTC 2018
> I strongly suspect that, on L1TF-vulnerable CPUs, MKTME provides no
> protection whatsoever. It sounds like MKTME is implemented in the
> memory controller -- as far as the rest of the CPU and the cache hierarchy
> are concerned, the MKTME key selection bits are just part of the physical
> address. So an attack like L1TF that leaks a cacheline that's selected by
> physical address will leak the cleartext if the key selection bits are set
> correctly.
Right. MKTME doesn't prevent cache-based attacks. Data in cache is in the clear.
Thanks,
-Kai