Article: Intel’s Plans for 3DXP DIMMs Emerge
By: wumpus (lost.delete@this.in.a.cave), December 11, 2018 9:36 am
Room: Moderated Discussions
Maynard Handley (name99.delete@this.name99.org) on December 11, 2018 7:20 am wrote:
> Howard Chu (hyc.delete@this.symas.com) on December 11, 2018 4:17 am wrote:
> > Adrian (a.delete@this.acm.org) on December 1, 2018 10:05 pm wrote:
> > > Adrian` (a.delete@this.acm.org) on December 1, 2018 2:43 pm wrote:
> > >
> > > > some problems), but I cannot verify that, so I would never trust it. I trust Intel even less than AMD.
> > > >
> > > >
> > >
> > >
> > > I have not made it clear here, but the fact that I do not trust Intel about security issues does
> > > not come from any kind of prejudice, but it is a simple consequence of Intel's actions.
> > >
> > >
> > > The case of the Optane memories is a new example that it is absolutely impossible to trust Intel
> > > about security, because they are either at best completely incompetent or at worst malevolent.
> > >
> > >
> > > When they planned the processor support for Optane DIMMs,
> > > the first feature that should have been added before
> > > anything else is memory encryption. Instead of doing so, Intel
> > > reluctantly announced support for memory encryption
> > > in some future processors, possibly only in server processors, and only after AMD forced their hand.
> > >
> > >
> > > Only the most amateurish of the security amateurs could not
> > > have been aware that non-volatile memory encryption
> > > is a sine qua non feature. Such an omission is hard to
> > > explain in a company of the size of Intel, unless you
> > > believe the conspiracy theories that they really are trying to actively add backdoors in their products.
> > >
> > >
> > > Of course like in any large company, among Intel's employees there are a lot of very good
> > > professionals who do great things, but about security I do not remember anything but a long
> > > list of horrible blunders, since the introduction of 80386SL in 1990 and until now.
> >
> > Will definitely be interesting to follow this issue going forward. It looks like
> > MRAM is poised to replace SRAM for on-chip caches, down the road. Encrypting cache
> > contents would quite impractical.
>
> The crypto has to be appropriate to the problem. This is NOT the equivalent of network crypto.
> For example, suppose the equivalent of a random key burned into the device is XOR'd with everything
> going into and out of an MRAM cache (maybe also XOR-in the relevant addresses).
> Is that good enough? On the off-chance that someone could extract the contents
> of the MRAM cache (which may or may not be true?) the assumption is always
> that they CANNOT extract the contents of these sorts of hardware keys.
I guess that would work if doubled the size of all the caches (to store the cryptostream) and created the cryptostream for each cacheline (at a specific memory location) as it was read in from memory. You would then pass the cryptostream along with the data up and down the levels as needed. It would need twice the size and twice the bandwidth, but I suppose that if you have non-volitile cache somebody will want an encrypted cache (too easy to read out the non-volitile cache otherwise). Note that the encryption stream is still non-volitile and cleartext, and always in danger of someone physically attacking the chip
Still sounds bizarre (although not as slow as I thought, since all the encryption rounds have to happen during a memory read/cacheline initialization). Maybe some sort of niche design that an ARM server would be good for.
> Howard Chu (hyc.delete@this.symas.com) on December 11, 2018 4:17 am wrote:
> > Adrian (a.delete@this.acm.org) on December 1, 2018 10:05 pm wrote:
> > > Adrian` (a.delete@this.acm.org) on December 1, 2018 2:43 pm wrote:
> > >
> > > > some problems), but I cannot verify that, so I would never trust it. I trust Intel even less than AMD.
> > > >
> > > >
> > >
> > >
> > > I have not made it clear here, but the fact that I do not trust Intel about security issues does
> > > not come from any kind of prejudice, but it is a simple consequence of Intel's actions.
> > >
> > >
> > > The case of the Optane memories is a new example that it is absolutely impossible to trust Intel
> > > about security, because they are either at best completely incompetent or at worst malevolent.
> > >
> > >
> > > When they planned the processor support for Optane DIMMs,
> > > the first feature that should have been added before
> > > anything else is memory encryption. Instead of doing so, Intel
> > > reluctantly announced support for memory encryption
> > > in some future processors, possibly only in server processors, and only after AMD forced their hand.
> > >
> > >
> > > Only the most amateurish of the security amateurs could not
> > > have been aware that non-volatile memory encryption
> > > is a sine qua non feature. Such an omission is hard to
> > > explain in a company of the size of Intel, unless you
> > > believe the conspiracy theories that they really are trying to actively add backdoors in their products.
> > >
> > >
> > > Of course like in any large company, among Intel's employees there are a lot of very good
> > > professionals who do great things, but about security I do not remember anything but a long
> > > list of horrible blunders, since the introduction of 80386SL in 1990 and until now.
> >
> > Will definitely be interesting to follow this issue going forward. It looks like
> > MRAM is poised to replace SRAM for on-chip caches, down the road. Encrypting cache
> > contents would quite impractical.
>
> The crypto has to be appropriate to the problem. This is NOT the equivalent of network crypto.
> For example, suppose the equivalent of a random key burned into the device is XOR'd with everything
> going into and out of an MRAM cache (maybe also XOR-in the relevant addresses).
> Is that good enough? On the off-chance that someone could extract the contents
> of the MRAM cache (which may or may not be true?) the assumption is always
> that they CANNOT extract the contents of these sorts of hardware keys.
I guess that would work if doubled the size of all the caches (to store the cryptostream) and created the cryptostream for each cacheline (at a specific memory location) as it was read in from memory. You would then pass the cryptostream along with the data up and down the levels as needed. It would need twice the size and twice the bandwidth, but I suppose that if you have non-volitile cache somebody will want an encrypted cache (too easy to read out the non-volitile cache otherwise). Note that the encryption stream is still non-volitile and cleartext, and always in danger of someone physically attacking the chip
Still sounds bizarre (although not as slow as I thought, since all the encryption rounds have to happen during a memory read/cacheline initialization). Maybe some sort of niche design that an ARM server would be good for.
| Topic | Posted By | Date |
|---|---|---|
| New article on Intel's 3DXP | David Kanter | 2018/07/23 10:02 AM |
| New article on Intel's 3DXP | Groo | 2018/07/23 01:53 PM |
| New article on Intel's 3DXP | Michael S | 2018/07/23 02:47 PM |
| New article on Intel's 3DXP | Teemo | 2018/07/23 05:38 PM |
| New article on Intel's 3DXP | Wes Felterw | 2018/07/23 09:41 PM |
| Flash DIMMs = bad idea | David Kanter | 2018/07/24 04:31 AM |
| Flash DIMMs = bad idea | Emil Briggs | 2018/07/24 06:30 AM |
| Flash DIMMs = bad idea | David Kanter | 2018/07/24 06:49 AM |
| Flash DIMMs = bad idea | Michael S | 2018/07/24 06:59 AM |
| Flash DIMMs = bad idea | Emil Briggs | 2018/07/24 08:29 AM |
| Flash DIMMs = bad idea | Doug S | 2018/07/24 08:49 AM |
| price | Michael S | 2018/07/24 03:16 PM |
| price | Doug S | 2018/07/24 03:32 PM |
| price | Michael S | 2018/07/24 03:49 PM |
| Flash DIMMs = bad idea | blaine | 2018/12/03 04:40 PM |
| Flash DIMMs = bad idea | Wes Felter | 2018/12/04 12:07 PM |
| Flash DIMMs = bad idea | RichardC | 2018/12/04 04:09 PM |
| Flash DIMMs = bad idea | Michael S | 2018/07/24 06:51 AM |
| Flash DIMMs = bad idea | Adrian | 2018/07/24 07:35 AM |
| Flash DIMMs = bad idea | Ricardo B | 2018/07/24 09:24 AM |
| Flash DIMMs = bad idea | bakaneko | 2018/07/24 06:55 PM |
| New article on Intel's 3DXP | Etienne | 2018/07/25 05:02 AM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/01 06:23 AM |
| New article on Intel's 3DXP | Michael S | 2018/12/01 08:56 AM |
| New article on Intel's 3DXP | anon | 2018/12/01 09:21 AM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/01 01:52 PM |
| New article on Intel's 3DXP | Adrian` | 2018/12/01 03:43 PM |
| New article on Intel's 3DXP | Adrian | 2018/12/01 11:05 PM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/11 05:17 AM |
| New article on Intel's 3DXP | Adrian | 2018/12/11 05:42 AM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/11 08:20 AM |
| New article on Intel's 3DXP | wumpus | 2018/12/11 09:36 AM |
| New article on Intel's 3DXP | Anon | 2018/12/11 05:21 PM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/11 05:32 PM |
| New article on Intel's 3DXP | Anon | 2018/12/12 12:29 AM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/12 11:32 AM |
| New article on Intel's 3DXP | wumpus | 2018/12/12 12:07 PM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/12 12:41 PM |
| New article on Intel's 3DXP | Anon | 2018/12/12 03:55 PM |
| New article on Intel's 3DXP | Anon | 2018/12/12 03:49 PM |
| New article on Intel's 3DXP | Anne O. Nymous | 2018/12/12 01:14 AM |
| New article on Intel's 3DXP | anon | 2018/12/12 06:28 AM |
| New article on Intel's 3DXP | Maynard Handley | 2018/12/12 11:26 AM |
| New article on Intel's 3DXP | Anne O. Nymous | 2018/12/12 02:10 PM |
| New article on Intel's 3DXP | innocent bystander | 2018/12/12 10:34 PM |
| New article on Intel's 3DXP | anon | 2018/12/12 02:42 PM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/02 05:53 AM |
| New article on Intel's 3DXP | Adrian | 2018/12/02 07:01 AM |
| New article on Intel's 3DXP | Howard Chu | 2018/12/02 11:34 AM |
| Intel's 3DXP availability | Etienne Lorrain | 2018/12/03 04:50 PM |
