SME Concepts

Main memory encryption is accomplished through dedicated hardware within the on-die memory controllers. Each controller is equipped with a high-performance Advanced Encryption Standard (AES) engine responsible for encrypting data when written to DRAM and decrypting it upon read, as depicted in the figure below. The AES engine operates with a 128-bit key and employs an address-based tweak to enhance protection against cipher-text block move attacks during data encryption.

Drawing
Memory Encryption Behavior

The AES encryption key used with this mechanism, known as Secure Memory Encryption (SME), is randomly generated during each system reset and remains concealed from any software running on the CPU cores. Management of the encryption key is entirely entrusted to the AMD Secure Processor (AMD-SP), a 32-bit microcontroller (ARMยฎ Cortexยฎ-A5) serving as a dedicated security subsystem integrated within the AMD SOC. The key is generated using the onboard NIST SP 800-90 compliant hardware random number generator and securely stored in dedicated hardware registers within the SOC, ensuring that it is never exposed outside the system in plaintext. Unlike the SEV mode (to be discussed later), SME does not necessitate the participation of software running on the CPU cores in key management.

The decision of which memory pages should be encrypted is controlled by the operating system (OS) or hypervisor (HV) through the software-managed page tables. When memory encryption is enabled, the 47th bit of the physical address (referred to as the C-bit, as for enCrypted) is utilized to indicate whether a memory page should be protected. The OS or HV sets the 47th bit of the page table entry (PTE) to 1 to signify that the page should be encrypted. Subsequently, accesses to that memory are automatically encrypted and decrypted by the AES engine in the memory controller.

Drawing
Address Mapping

It is essential to note that the encryption and decryption processes via the AES engine introduce a minor increase in latency for DRAM memory accesses. The impact of this latency on software performance varies significantly depending on the system workload but is generally estimated to have only a marginal effect on overall system performance. If only a subset of memory is encrypted, the performance impact will be less pronounced since unencrypted accesses typically do not incur additional latency, as illustrated in figure above.

Special Considerations

SME offers a straightforward method for software to encrypt some or all memory pages. However, there are important programming considerations that must be taken into account when dealing with encrypted memory.

The primary consideration is that hardware does not manage coherency between encrypted and unencrypted copies of the same page in the same way. Therefore, software must exercise caution when modifying the C-bit of pages. If a page's C-bit needs to be modified, it is crucial to flush that page from the CPU caches before making changes to the page table.

It is worth noting that devices are permitted to issue DMA to encrypted memory. However, similar to CPU accesses, they must set bit 47 of the physical address. Some 32-bit legacy devices may not support this, but software can address this limitation by utilizing the IOMMU (Input-Output Memory Management Unit) to remap device request addresses to addresses with the C-bit set.

For more detailed technical information on the SME feature, you can refer to the latest version of the AMD Programmerโ€™s Manual (APM) volume 2.

Transparent SME

SME offers considerable flexibility for managing main memory encryption but requires support in the OS/HV. However, for systems that wish to have the physical protection of SME independent of the OS/HV, Transparent SME (TSME) provides a viable option. With TSME, all memory is encrypted, irrespective of the value of the C-bit on any specific page. This mode offers a straightforward way to enable encryption without necessitating software modifications.

Enabling TSME can be achieved through a BIOS setting on supported platforms, providing a seamless and hassle-free approach to activate memory encryption.

Last updated