20 Comments
olafgarten - Tuesday, July 14, 2020 - link
I wonder why there is a limit of 509 keys, that seems like an arbitrary number.
jtd871 - Tuesday, July 14, 2020 - link
Maybe 512 keys - some number of reserved slots?
willis936 - Wednesday, July 15, 2020 - link
Yes, but why 512? They didn’t want to use more than 9 bits on the index? It isn’t 1977.
ravyne - Thursday, July 16, 2020 - link
I'd wager it's only that large either because there are an equal number of independent hardware blocks doing the encryption/decryption (because that many simultaneous streams at wire-speed isn't going to be software) and/or because that tag needs to be attached to e.g. page table entries and bits are at a premium.
I'd also guess the 3 tags shy of 512 are reserved for something like unencrypted memory, hypervisor memory, and maybe host-OS memory but more likely for the Intel Management Engine (and AMD equivalent).
HyperText - Tuesday, July 14, 2020 - link
It is not the well-rounded 512 keys number because probably around the size of 3 keys (509 + 3 = 512) is needed as overhead to manage the 509 keys.
kobblestown - Tuesday, July 14, 2020 - link
Still, it would be nice to know the exact reason, like 0 being no encryption, 1 encryption for host memory, or sth like that. Is there some gentle introduction to the internals of SEV?
Kamen Rider Blade - Tuesday, July 14, 2020 - link
Maybe 3 of the slots are used for Keys to Encrypt certain parts of Memory to protect itself ahead of time?
Dragonstongue - Tuesday, July 14, 2020 - link
could be a "header" or something along those lines to "give" the 512 total, they start at 509, but if they went say 510 "given keys" after overhead, tags, encryption etc, would end up instead being like 514+ therefore cannot give as many "users" per cluster sort of speak
seems like this with many things tech wise, 1TB is not the "english" language way of wording, they instead use 1 of 2 methods so the byte/bits add to the 1TB...overhead, have to have page headers or what have you..I always wondered why they just did not make EXACT the number WE expect, even if this meant cramming extra on or some crud...
but that is "tech" for you, coding and all that, for me and you 1+1=2, but with fancy computer crud, it likely breaks the nice mold, much like that 1GHZ CPU is more or less NEVER to run exact this way..
word games, not knowing the reason for the reason sucks either way ^.^
avbohemen - Tuesday, July 14, 2020 - link
In the video, the CPU used is an AMD EPYC 7B12 (family: 0x17, model: 0x31, stepping: 0x0). You can see that 3 seconds from the end.
brucethemoose - Tuesday, July 14, 2020 - link
"A number of 30 MB gifs were created by Google to showcase the new cVMs. Rather than share them with you in an outdated 1989 format, we converted them to video"
Hah, even Google has given up on webp.
I can't wait until AVIF(S) is a widely supported thing.
edzieba - Tuesday, July 14, 2020 - link
"I can't wait until AVIF(S) is a widely supported thing."
Don't make me link that XKCD comic!
brucethemoose - Tuesday, July 14, 2020 - link
Indeed...
It's the best shot so far, but I guess that's true of the whole gif replacement graveyard.
peevee - Tuesday, July 14, 2020 - link
Please do. 14-15?
brucethemoose - Tuesday, July 14, 2020 - link
https://xkcd.com/927/
PeachNCream - Tuesday, July 14, 2020 - link
Google is a technologically advanced company on the bleeding edge of - well mostly just on the bleeding edge of baiting people into using their services in order to run a profiling and advertising venture. No one ever said they had a clue how to use anything more modern than a sh*tty set of GIF images (eyes YouTube and then shrugs).
SirPerro - Monday, July 27, 2020 - link
I hope you are kidding. Google is indeed technologically advanced on the bleeding edge. Sometimes almost magically so.
Brane2 - Tuesday, July 14, 2020 - link
Key phrase being "reducing the risk".
IIRC an exploit has been published.
Brane2 - Tuesday, July 14, 2020 - link
Of course obligatory backdoors are still secret.
Deicidium369 - Tuesday, July 14, 2020 - link
All the Intel "vulnerabilities" are only achievable in the lab - would likely be the same with the AMD "vulnerabilities". Neither have any attacks in the wild - none are actually exploitable. Even in the lab the attacks were hit or miss.
AMD are niche at best - so just like for the longest time there were very few Mac exploits - because they weren't worth the time. You put any tech under enough scrutiny and you will find all kinds of holes. This reminds me of Van Eck devices - being able to read CRTs at a distance - very interesting but ultimately not really usable.
Isn't Rowhammer still a thing on both Intel and AMD?
PeachNCream - Tuesday, July 14, 2020 - link
You must not be aware that this only provides temporary relief for your symptoms.