Intel MKTME overview. Image credit: Intel
Intel announced a new patchset for the next version of the Linux kernel that will enable Multi-Key Total Memory Encryption (MKTME). The feature is an extension of Intel’s Total Memory Encryption that brings support for encrypting multiple pages in memory with different encryption keys (up to 64 in total).
Intel Follows AMD’s Lead
Until a few years ago, Intel led AMD on user-facing security features. Then AMD’s Zen architecture came, and AMD started bringing out new memory encryption features that Intel’s chips lacked, at least for server CPUs.
AMD’s Secure Memory Encryption (SME) encrypted memory with a single key stored in hardware in order to protect data against physical attacks (third-party gaining unauthorized data to stolen laptops). Meanwhile, AMD’s Secure Encrypted Virtualization (SEV) offered a single encryption key per virtual machine, thus protecting a virtual machine's contents against malicious hypervisors - a feature that should be welcome in most data centers.
At the time, Intel already had its Software Guard eXtensions (SGX) feature in both enterprise and consumer chips, which acted as a “secure enclave” within a memory section for small amounts of data such as encryption keys. However, SGX can’t encrypt a whole VM or the whole memory.
Following AMD’s release of SME and SEV, Intel has also been working on Total Memory Encryption (TME) and more recently on MKTME, both of which promise to encrypt system memory at rest, at runtime, and in transit. In other words, Intel is trying to catch up to--and in some ways even surpass--AMD. These features have yet to be made available in Intel’s chips, however, so AMD still has time to respond.
What Is Intel MKTME
Intel's upcoming chip platforms will allow its processors to use MKTME to encrypt the full memory for the first time. Applications will be able to encrypt their data with new keys generated in the operating system's kernel, which means the data will be kept private and isolated from other third-party applications or other parts of the operating system.
The new encryption architecture supports encrypting normal memory, volatile DRAM, as well as persistent/non-volatile memory (such as 3D Xpoint memory). However, the current Linux kernel patchset doesn’t include support for persistent memory encryption; the feature will be added in a future patchset.
Image credit: Intel
MKTME uses the AES encryption algorithm in the AES-XTS mode, the same mode used by many disk storage encryption programs, including Microsoft’s BitLocker. This mode takes the physical access address of the data into account when encrypting each block, ensuring that each block of memory gets a different key. This feature mitigates block-relocation attacks, which means that the attacker will require access to shared physical page before being able to do anything malicious.
Attack Mitigations Offered by MKTME
Intel’s MKTME encryption features offers a range of software attack mitigations, including:
- Kernel Mapping Attacks: information disclosures that leverage the kernel direct map are mitigated against disclosing user data.
- Freed Data Leak Attacks: removing an encryption key from the hardware mitigates future user information disclosure.
Other mitigations relate to attacks based on specialized hardware, such as an “evil DIMM” or a DDR interposer:
- Cross-Domain Replay Attack: data is captured from one domain (guest) and replayed to another at a later time.
- Cross-Domain Capture and Delayed Compare Attack: data is captured and later analyzed to discover secrets.
- Key Wear-out Attack: data is captured and analyzed in order to weaken the AES encryption itself.
What about Spectre/MDS Attacks?
Do these encryption features protect against side-channel attacks such as the Spectre and MDS family? No, not so much. Researchers have warned before that memory encryption is not an effective way of stopping side-channel attacks, and in fact blocking or restricting memory access to certain parts of the system is a far better way to prevent this type of attack from happening.
Researchers have also found several flaws in AMD’s SEV feature that allow attackers to steal data. Even if Intel’s feature comes with a few improvements, it likely won’t stand the test of time, especially considering that Intel’s chips seem to be more vulnerable to side-channel attacks than AMD's.
Memory encryption is an important feature that will be especially useful when computers start making use of non-volatile memory that can store more sensitive data that normally lives within RAM on disk. Not encrypting this data at rest or in transit will mean attackers will have easy access to it. As such, the memory encryption being offered by both Intel and AMD should be a welcome security feature in coming CPU generations.