By: Howard Chu (hyc.delete@this.symas.com), December 2, 2018 5:53 am
Room: Moderated Discussions
Adrian` (a.delete@this.acm.org) on December 1, 2018 2:43 pm wrote:
> Howard Chu (hyc.delete@this.symas.com) on December 1, 2018 12:52 pm wrote:
> >
> > What security threats are you thinking of? I believe with non-volatility and
> > non-destructive reads, MRAM is immune to rowhammer-style attacks. (But I don't
> > have any references that claim to have tested or verified this.)
> >
>
>
>
>
> Any kind of non-volatile RAM replacement cannot have acceptable security unless the processor
> has memory encryption, like AMD Zen has now and some future Intel processors will also have.
>
>
> Nevertheless, unlike for a SSD, where I can choose whatever encryption algorithm
> and key management system I want, I do not have any control over AMD SME.
That's somewhat the point though; if you had access to the keys at user or OS
level, then it would be directly vulnerable to arbitrary code exploits. Since
the key management is isolated from you, it's much harder to subvert it.
Current SME uses AES-128.
Certainly the AMD SP is a weak link in the chain here, and making that open
source would go a long way toward allaying suspicions.
> Maybe the AMD implementation of memory encryption is secure (although there have already been reports of
> some problems), but I cannot verify that, so I would never trust it. I trust Intel even less than AMD.
I haven't been able to find any reports of issues with SME. There's some
interesting work to bypass SEV though, hacking a hypervisor to allow pages
of an encrypted VM's memory to be returned in plaintext.
https://securityaffairs.co/wordpress/72929/hacking/amd-secure-encrypted-virtualization-hack.html
> I might accept to use non-volatile DIMMs in some server that I believe to be reasonably physically secure,
> but I will certainly never accept non-volatile RAM in a laptop, which can be easily stolen.
A lot of people travel with their laptop in Suspend-to-RAM state, so there's
really no difference there. Don't take your hands off your laptop when traveling.
These days smartphones have as much RAM as laptops. People don't routinely
walk around with their phones powered off, and phones are much more easily
stolen than laptops. Seems like an unreasonable concern, or a risk that most
people accept.
> However, having grown up in a country where everybody was under surveillance from the secret police, whose
> only purpose was to ensure that nobody will be able to overthrow the government composed of thieves and
> murderers, I am very aware of the fact that while my servers might be protected from ordinary thieves,
> they cannot be protected from the government, which I do not trust at all even today, so I will never
> use non-volatile DIMMs even in servers, regardless of what speed advantages they might have.
I would instead avoid putting data onto my servers that I would care about
having stolen.
> Howard Chu (hyc.delete@this.symas.com) on December 1, 2018 12:52 pm wrote:
> >
> > What security threats are you thinking of? I believe with non-volatility and
> > non-destructive reads, MRAM is immune to rowhammer-style attacks. (But I don't
> > have any references that claim to have tested or verified this.)
> >
>
>
>
>
> Any kind of non-volatile RAM replacement cannot have acceptable security unless the processor
> has memory encryption, like AMD Zen has now and some future Intel processors will also have.
>
>
> Nevertheless, unlike for a SSD, where I can choose whatever encryption algorithm
> and key management system I want, I do not have any control over AMD SME.
That's somewhat the point though; if you had access to the keys at user or OS
level, then it would be directly vulnerable to arbitrary code exploits. Since
the key management is isolated from you, it's much harder to subvert it.
Current SME uses AES-128.
Certainly the AMD SP is a weak link in the chain here, and making that open
source would go a long way toward allaying suspicions.
> Maybe the AMD implementation of memory encryption is secure (although there have already been reports of
> some problems), but I cannot verify that, so I would never trust it. I trust Intel even less than AMD.
I haven't been able to find any reports of issues with SME. There's some
interesting work to bypass SEV though, hacking a hypervisor to allow pages
of an encrypted VM's memory to be returned in plaintext.
https://securityaffairs.co/wordpress/72929/hacking/amd-secure-encrypted-virtualization-hack.html
> I might accept to use non-volatile DIMMs in some server that I believe to be reasonably physically secure,
> but I will certainly never accept non-volatile RAM in a laptop, which can be easily stolen.
A lot of people travel with their laptop in Suspend-to-RAM state, so there's
really no difference there. Don't take your hands off your laptop when traveling.
These days smartphones have as much RAM as laptops. People don't routinely
walk around with their phones powered off, and phones are much more easily
stolen than laptops. Seems like an unreasonable concern, or a risk that most
people accept.
> However, having grown up in a country where everybody was under surveillance from the secret police, whose
> only purpose was to ensure that nobody will be able to overthrow the government composed of thieves and
> murderers, I am very aware of the fact that while my servers might be protected from ordinary thieves,
> they cannot be protected from the government, which I do not trust at all even today, so I will never
> use non-volatile DIMMs even in servers, regardless of what speed advantages they might have.
I would instead avoid putting data onto my servers that I would care about
having stolen.
| Topic | Posted By | Date |
|---|---|---|
| New article on Intel's 3DXP | David Kanter | 2018/07/23 10:02 AM |
| New article on Intel's 3DXP | Groo | 2018/07/23 01:53 PM |
| New article on Intel's 3DXP | Michael S | 2018/07/23 02:47 PM |
| New article on Intel's 3DXP | Teemo | 2018/07/23 05:38 PM |
| New article on Intel's 3DXP | Wes Felterw | 2018/07/23 09:41 PM |
| Flash DIMMs = bad idea | David Kanter | 2018/07/24 04:31 AM |
| Flash DIMMs = bad idea | Emil Briggs | 2018/07/24 06:30 AM |
| Flash DIMMs = bad idea | David Kanter | 2018/07/24 06:49 AM |
| Flash DIMMs = bad idea | Michael S | 2018/07/24 06:59 AM |
| Flash DIMMs = bad idea | Emil Briggs | 2018/07/24 08:29 AM |
| Flash DIMMs = bad idea | Doug S | 2018/07/24 08:49 AM |
| price | Michael S | 2018/07/24 03:16 PM |
| price | Doug S | 2018/07/24 03:32 PM |
| price | Michael S | 2018/07/24 03:49 PM |
| Flash DIMMs = bad idea | blaine | 2018/12/03 04:40 PM |
| Flash DIMMs = bad idea | Wes Felter | 2018/12/04 12:07 PM |
| Flash DIMMs = bad idea | RichardC | 2018/12/04 04:09 PM |
| Flash DIMMs = bad idea | Michael S | 2018/07/24 06:51 AM |
| Flash DIMMs = bad idea | Adrian | 2018/07/24 07:35 AM |
| Flash DIMMs = bad idea | Ricardo B | 2018/07/24 09:24 AM |
| Flash DIMMs = bad idea | bakaneko | 2018/07/24 06:55 PM |
| New article on Intel's 3DXP | Etienne | 2018/07/25 05:02 AM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/01 06:23 AM |
| New article on Intel's 3DXP | Michael S | 2018/12/01 08:56 AM |
| New article on Intel's 3DXP | anon | 2018/12/01 09:21 AM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/01 01:52 PM |
| New article on Intel's 3DXP | Adrian` | 2018/12/01 03:43 PM |
| New article on Intel's 3DXP | Adrian | 2018/12/01 11:05 PM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/11 05:17 AM |
| New article on Intel's 3DXP | Adrian | 2018/12/11 05:42 AM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/11 08:20 AM |
| New article on Intel's 3DXP | wumpus | 2018/12/11 09:36 AM |
| New article on Intel's 3DXP | Anon | 2018/12/11 05:21 PM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/11 05:32 PM |
| New article on Intel's 3DXP | Anon | 2018/12/12 12:29 AM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/12 11:32 AM |
| New article on Intel's 3DXP | wumpus | 2018/12/12 12:07 PM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/12 12:41 PM |
| New article on Intel's 3DXP | Anon | 2018/12/12 03:55 PM |
| New article on Intel's 3DXP | Anon | 2018/12/12 03:49 PM |
| New article on Intel's 3DXP | Anne O. Nymous | 2018/12/12 01:14 AM |
| New article on Intel's 3DXP | anon | 2018/12/12 06:28 AM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/12 11:26 AM |
| New article on Intel's 3DXP | Anne O. Nymous | 2018/12/12 02:10 PM |
| New article on Intel's 3DXP | innocent bystander | 2018/12/12 10:34 PM |
| New article on Intel's 3DXP | anon | 2018/12/12 02:42 PM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/02 05:53 AM |
| New article on Intel's 3DXP | Adrian | 2018/12/02 07:01 AM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/02 11:34 AM |
| Intel's 3DXP availability | Etienne Lorrain | 2018/12/03 04:50 PM |
