From WikiChip
Editing x86/sme

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

This page supports semantic in-text annotations (e.g. "[[Is specified as::World Heritage Site]]") to build structured and queryable content provided by Semantic MediaWiki. For a comprehensive description on how to use annotations or the #ask parser function, please have a look at the getting started, in-text annotation, or inline queries help pages.

Latest revision Your text
Line 5: Line 5:
  
 
== Motivation ==
 
== Motivation ==
Servers host a great deal of data including large sets of private client information. When stored in [[main memory]] in [[plain text]], this data can be exposed to various [[user access attacks]] such as administrators scraping memory of guest data or a [[hypervisor]] bug allowing hosted guest to steal data from neighboring guest virtual machines. Furthermore, data stored in DRAM in plain text can be susceptible to [[physical access attacks]] allowing data to be stolen, especially for devices such as [[NVDIMM]]s.
+
Servers host a great deal of data including large sets of private client information. When stored in [[main memory]], this data can be exposed to various [[user access attacks]] such as administrators scraping memory of guest data or a [[hypervisor]] bug allowing hosted guest to steal data from neighboring guest virtual machines. Furthermore, data stored in DRAM in plain text can be susceptible to [[physical access attacks]] allowing data to be stolen, especially for devices such as [[NVDIMM]]s.
  
The SME extension attempts to defend against those attacks by allowing the entirety of main memory to be encrypted as well as by enforcing full isolation between co-resident VMs. With the addition of SEV, this security can be extended to cloud users that can have fully private memory inaccessible to hypervisor or host software.
+
The SME extension attempts to defend against those attacks by allowing the entirety of main memory to be encrypted as well as by enforcing full isolation between co-resident VMs. With the addition of SEV, this security can be extended to cloud users that can have fully private memory inaccessible to hypervisor or host software.
  
 
== Overview ==
 
== Overview ==

Please note that all contributions to WikiChip may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see WikiChip:Copyrights for details). Do not submit copyrighted work without permission!

Cancel | Editing help (opens in new window)