Difference between revisions of "x86/tme"

Revision as of 11:55, 16 December 2017

x86
Instruction Set Architecture

Total Memory Encryption (TME) is a planned x86 instruction set extension for a full physical memory encryption for DRAM and NVRAM with a single ephemeral key. Multi-Key Total Memory Encryption (MKTME) refers to an enhanced support that builds on top of TME and adds multiple encryption keys.

Preliminary Data! Information presented in this article deal with future products, data, features, and specifications that have yet to be finalized, announced, or released. Information may be incomplete and can change by final release.

Overview

TME and MKTME are a planned x86 instruction set extension that provides full physical memory encryption support for DRAM and NVRAM. TME is the base extension which adds the base capabilities for a single ephemeral key. MKTME is a further enhancement of TME that provides support for page granular memory encryption through support for multiple encryption keys.

Total Memory Encryption

The Total Memory Encryption (TME) provides the base functionality to allow for full physical memory encryption. The extension is designed to work with unmodified existing software applications and systems. This feature is enabled via the BIOS during the initial boot process with very minor modifications. Once activated, all data sent on the external memory buses of the chip are encrypted using the standard NIST AES-XTS algorithm (although support for additional encryption scheme is possible in the future). The implementation uses a hardware random generator to generate the 128-bit key and is not accessible by software or through any external interface.

Performance

The exact performance impact will greatly depend on the workload, but overall the performance impact should be minimal.

@@ Line 1: / Line 1: @@
 {{x86 title|Total Memory Encryption (TME)}}{{x86 isa main}}
 '''Total Memory Encryption''' ('''TME''') is a planned [[x86]] [[instruction set]] extension for a full physical memory encryption for [[DRAM]] and [[NVRAM]] with a single ephemeral key. '''Multi-Key Total Memory Encryption''' ('''MKTME''') refers to an enhanced support that builds on top of TME and adds multiple encryption keys.
+{{future information}}
+== Overview ==
+TME and MKTME are a planned [[x86]] instruction set {{x86|extension}} that provides full physical memory encryption support for [[DRAM]] and [[NVRAM]]. TME is the base extension which adds the base capabilities for a single ephemeral key. MKTME is a further enhancement of TME that provides support for page granular memory encryption through support for multiple encryption keys.
+== Total Memory Encryption  ==
+The '''Total Memory Encryption''' ('''TME''') provides the base functionality to allow for full physical memory encryption. The extension is designed to work with unmodified existing software applications and systems. This feature is enabled via the BIOS during the initial boot process with very minor modifications. Once activated, all data sent on the external memory buses of the chip are encrypted using the standard NIST [[AES-XTS]] algorithm (although support for additional encryption scheme is possible in the future). The implementation uses a [[hardware random generator]] to generate the 128-bit key and is not accessible by software or through any external interface.
+== Performance ==
+The exact performance impact will greatly depend on the workload, but overall the performance impact should be minimal.

WikiChip

The Fuse Coverage

Social Media

Companies

Microarchitectures

Technology Nodes

Intel

AMD

ARM

Cavium

Samsung

Intel

AMD

Ampere

Apple

Cavium

HiSilicon

MediaTek

NXP

Qualcomm

Renesas

Samsung

Revision as of 11:55, 16 December 2017

Overview

Total Memory Encryption

Performance