Intel’s Total Memory Encryption, a new x86 extension for full memory encryption

With the introduction of EPYC earlier this year, AMD brought three new security technologies to enterprise customers: Secure Memory Encryption (SME), and its subsets Transparent SME (TSME), and Secure Encrypted Virtualization (SEV).

SME offers per-page memory encryption using a dedicated AES engine. AMD later introduced Transparent SME (TSME) for their Ryzen PRO workstation processors. TSME acts in a similar way to SME but instead of per-page encryption, the entire memory is encrypted without any software intervention, allowing legacy software to run unmodified. SEV further extends SME to AMD-V, allowing guest virtual machines to run under SME using their own private key, creating an isolation layer between the hypervisor/OS and the guest VMs. Keys are managed by AMD’s Secure Processor (AMD-SP), an ARM Cortex-A5 MCU that acts as a dedicated security subsystem.

 

Total Memory Encryption

Now, Intel has released the first revision of their new memory encryption specification. The specs call for two new x86 extensions:

Note that those extensions are very different to Software Guard Extensions (SGX) which allows processes to create enclaves or private memory regions.

The base extension, TME, provides the necessary functionality for full memory encryption. A single 128-bit key, not accessible to software, is generated by the microprocessor at each boot time which is used to encrypt all data sent on the external memory buses. MKTME builds on TME by providing support for multiple keys, allowing for page-granular memory encryption. The extension can also work with various virtualization schemes such as allowing VMs to have their own private memory. The extension is highly flexible and can work with non-volatile memory as well as key provisioning services, including support for over-provisioning.

Different Implementations

As you might expect from Chipzilla, MK/TME are a much more complex extension compared to AMD’s SME. Whereas AMD uses a single C-bit to mark encrypted pages (and SEV extends this to guest page tables), Intel specs call for a whole KeyID to be stored in the physical address, re-purposing some of the physical address bits in the process. Each page is assigned a KeyID which is an index to an internal table maintained by the MKTME engine which stores a 128-bit AES key and its associated mode of operation. This allows for some complex schemes whereby processes can have their own private memory (using their own KeyID) as well as shared encrypted memory (shared KeyIDs) with the other processes/VM. It’s worth noting that even multiple different private pages are possible through the use of multiple KeyIDs.

 
 

KeyID is part of the physical address bits in order to communicate the KeyID to the encryption engines

There is also flexibility as far as modes go. Currently, the specs allow for just one mode, AES-XTS, but reserves additional bits for future algorithms. The initial implementation will focus on DRAM and NVRAM but might extend to other storage devices later on. If you are interested, you can check our in-depth article on Total Memory Encryption for the full rundown.

There is no indication when Intel plans on implementing this extension and the current specs are in very early stages and could change quite a bit by the time things gets finalized.

Specs

Intel Memory Encryption Technologies, External Architecture Specification. Rev Number: 1.0



Spotted an error? Help us fix it! Simply select the problematic text and press Ctrl+Enter to notify us.

Subscribe
Notify of
guest
5 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Nathen
Nathen
2 years ago

I actually like their implementation much more than SME. It seems incredibly powerful for doing things such as running a couple VMs and having their own privately encrypted shared memory for totally private communication. Helpful in many producer-consumer models.

Anonymous
Anonymous
Reply to  Nathen
2 years ago

I actually ended up finding this post looking for information about which Intel CPUs have TME. turns out Intel still has no implementation. I guess Epyc is the way to go for now.

Anonym685743
Anonym685743
2 years ago

this SCREAMS drm. How could anyone want this on their computer, considering it will be at best opt out, and required if you want to watch netflix, and possibly other pseudouseful services 🙁

Mike L
Mike L
Reply to  Anonym685743
2 years ago

I guess people can use it for DRM but this FAR more useful for servers and cloud providers. That’s clearly what they are aiming at here. This would provide total isolation between VMs including the provider and hypervisor itself. That’s incredibly useful.

5
0
Would love your thoughts, please comment.x
()
x

Spelling error report

The following text will be sent to our editors: