  • abufrejoval - Wednesday, January 13, 2021

    While I am glad shadow stacks and the other control flow integrity extensions are finally becoming available four years after the first published specification, I wonder if MKTME or per-VM memory encryption is coming to end-user devices, too.

    AMD seems to reserve the feature to EPYCs only, which I think is rather short-sighted. The ability to run VMs in secured enclaves, e.g. for corporate vs. private or banking/insurance/e-government/e-health/home-IoT etc., is going to be a key catalyst and differentiator.

    AFAIK the potential is all there in the silicon for Zen 3 and Intel's gen11 and it's BIOS and process limitations from now on to make it happen.

    MKTME may be an 'enterprise' class feature, but it takes secured enclaves on both sides to really make it happen. I see mobile SoCs picking up this feature and if the desktop wants to remain relevant, it needs to seed this capability, not put it behind a paywall.
