
Securing Memory at EPYC Scale - jgrahamc
https://blog.cloudflare.com/securing-memory-at-epyc-scale/
======
mahmoudimus
I have been following this space very closely as we're planning some killer
roadmap use cases at my place of employment. This has been in the works for
some time after the interest in Intel's SGX + AMD's SEV environment that
delivered subpar results.

Yesterday, Intel announced that Multi-Key Total Memory Encryption is coming to
CPUs
([https://arstechnica.com/gadgets/2020/02/intel-promises-full-...](https://arstechnica.com/gadgets/2020/02/intel-promises-full-memory-encryption-in-upcoming-cpus/))
and it's very exciting to see this space heat up.

If you're interested in embedded systems and data security is interesting to
you, we are hiring! (send me an email - mahmoud @ linux dot com).

~~~
saagarjha
What are you using this for?

~~~
mahmoudimus
Running "serverless" functions on
[https://github.com/bytecodealliance/lucet](https://github.com/bytecodealliance/lucet)
which is running in these enclaves provides a relatively simple way to offer
"confidential computing" to offer an alternative against "semi-honest" (or
sometimes known as "honest-but-curious") adversarial threat models.

------
eqvinox
I really don't see the point of encrypting memory this way, with what boils
down to a global key.

Anything breaking security of your OS kernel or some trusted process will
still be able to steal all your data, since it's executing on the CPU with
access to the keys.

Any attacker with physical access can still grab a hold of some PCIe or LPC
port somewhere and try to convince your IOMMU to let it DMA out all memory. Or
just manipulate the BIOS to install a permanent rootkit.

Why is this not using per-page or per-process keys, in some kind of secure
storage? That'd actually add another barrier even if the kernel is already
compromised. And the CPU does actually support this... but only for VMs with
SEV, it seems. Would be nice to extend this.

~~~
theevilsharpie
> I really don't see the point of encrypting memory this way, with what boils
> down to a global key.

SME was initially developed for game consoles[1], and was designed to protect
security keys used for DRM against hardware probing. The feature makes sense
in that environment, or any environment where the computer may realistically
fall into the hands of an adversary (e.g., a laptop) while still running.

Plain SME on a server doesn't really make sense for DRAM unless your threat
model needs to protect against extremely sophisticated attackers (although if
there's no real performance hit, you may as well just enable it). However, it
would be useful on a system with NVDIMMs.

[1] [https://www.crn.com/news/components-peripherals/amd-s-xbox-p...](https://www.crn.com/news/components-peripherals/amd-s-xbox-playstation-work-led-to-a-big-security-feature-in-epyc)

~~~
ithkuil
Can it protect against DMA access from malicious PCI devices (in case the
IOMMU has to be disabled, e.g. for performance reasons)?

~~~
SaltySolomon
In transparent mode it will only protect against somebody pulling the stick;
in per-page mode it will depend on the mode.

------
myalphabet
It’s always nice reading about a company taking security seriously, and
Cloudflare has some decent write-ups for their hardware/software security, but
I sure wish they would take other forms of security more seriously.

I visited Cloudflare’s Austin office. The door to the office is an old
unlocked door with a glass pane and an old deadbolt. There is no reception
desk or even anyone watching the door. I was able to walk in completely
unnoticed and walk around for a couple minutes trying to get someone’s
attention to figure out where I needed to go (not the best job interview
experience, but that’s a different topic), while desks full of unattended and
unlocked computers were fully available to me.

For a company that bills itself as an internet security company, it wasn’t
very inspiring security.

edit to add: this was over a year ago so it’s possible things have improved
since then. My understanding is that the Austin office is relatively new so
maybe at the time they were still working out the kinks (still not great
security but more understandable at least)

~~~
noahmbarr
Before posting this, did you give them this feedback directly?

~~~
myalphabet
One of the folks I talked to while there was one of the senior security team
members, and I mentioned it to him during the interview but felt like it was
brushed off (honestly that’s not that uncommon, I’ve worked in security for
years and while software people are always really critical on software
security, they really don’t care about physical security). I’ve been back once
and nothing had changed at that time, but that was over a year ago so
hopefully in the past year things have improved.

~~~
jgrahamc
I went ahead and copied your comment to our internal security team. We do take
this stuff seriously and I was surprised to hear about unlocked machines and
easy access.

~~~
myalphabet
That’s good to hear! I edited my original comment to say that this was over a
year ago and was still when the Austin office was relatively new so perhaps it
was just the effects of adjusting to a new space, and hopefully things are
different now. Still, glad that it’s taken seriously.

