Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
riobard 8 hours ago

Are you sure? I thought it's just AES without any authentication.

bonzini 8 hours ago | parent | next [-]

Yes, it's AES with a tweak based on the physical address. It adds some protection from RowHammer and the like because flipping a bit in encrypted memory is catastrophic, while it can be done in a controlled manner if it's not encrypted.

Karliss 7 hours ago | parent | next [-]

Whether you get controlled bit flip depends on exact encryption mode used. Haven't seen any document with enough technical details on how exactly their encryption scheme works.

Many of traditional block cypher encryption modes do `cypher_text = plain_text ^ block_chypher_output` with the differences being what goes into block cypher input. This means that single bit flip in cypher text maps 1:1 to bit flip in corresponding decrypted block (and sometimes uncontrolled flips in next block). For malleability prevention full protocols would use MAC in addition to encryption. That's not very practical for memory encryption. Ability to use of various chaining modes is limited since you don't want to re encrypt whole ram when single byte changes or otherwise reduce parallelization of ram processing. Only traditional mode which doesn't degrade parallelization is counter mode, but that's fully susceptible to controlled bit flips. Maybe they can use chaining at cache line or cache block level.

This made me think. If the memory controller is already implementing encryption with limited chaining at block level. It wouldn't take much more additional resources to include hardware MAC as well, thus providing much stronger error detection (not correction) capability compared to typical ECC. The fact they aren't advertising it makes me think they aren't doing it, thus using some kind of counter mode variation and thus no extra bitflip protection.

IshKebab 4 hours ago | parent | prev [-]

Surely ECC already does that. You don't need encryption.

undersuit 2 hours ago | parent | next [-]

ECC just makes it take longer to find the right conditions for Rowhammering. You need to flip more bits in one go to override ECC integrity checks.

bonzini 2 hours ago | parent | prev [-]

Not that common on consumer hardware.

crest 7 hours ago | parent | prev [-]

Which encrypts each cache line with a key unknown to the attacker. This means an attacker can't target individual bits. Every change affects at least one AES encrypted block. It's much stronger than any normal defence against row hammer in that regard because flipping a single bit in plaintext changes ~half the bits in the ciphertext. It's similar to how Apple uses always on disk encryption instead of the normal means to limit run length in their NAND flash controllers. If the encryption is "off" it just means the decryption key is stored somewhere in the trusted enclave.