There’s always a tradeoff in computing between security v/s performance/overhead, so the value of it depends on your threat model, and the attack vectors you’re expecting.
Anyways, RAM encryption is generally “available” in various forms, depending on the mobo, CPU, software used etc, but it’s not commonly enabled/used. Most AMD boards (at least, mid-range and above should) have an option in the BIOS to enable Secure Memory Encryption (SME). This allows the OS to selectively encrypt memory pages, making use of a hardware AES engine that sits outside of the CPU.
There’s also Transparent SME (TSME), which encrypts the entire memory and works completely independent of the OS and software. Usually only high-end/workstation boards have this, and it also requires a Ryzen PRO CPU. TSME also has a much lower overhead, I recall reading somewhere it’s something like only 5%.
I believe Intel also has something similar, but I never looked into it.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@beehaw.org
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Depends if the RAM is encrypted, and how secure the TPM is.
I admit to being out of the game for a while but how common is RAM encryption?
wouldn’t the overhead violate half the point of RAM?
There’s always a tradeoff in computing between security v/s performance/overhead, so the value of it depends on your threat model, and the attack vectors you’re expecting.
Anyways, RAM encryption is generally “available” in various forms, depending on the mobo, CPU, software used etc, but it’s not commonly enabled/used. Most AMD boards (at least, mid-range and above should) have an option in the BIOS to enable Secure Memory Encryption (SME). This allows the OS to selectively encrypt memory pages, making use of a hardware AES engine that sits outside of the CPU.
There’s also Transparent SME (TSME), which encrypts the entire memory and works completely independent of the OS and software. Usually only high-end/workstation boards have this, and it also requires a Ryzen PRO CPU. TSME also has a much lower overhead, I recall reading somewhere it’s something like only 5%.
I believe Intel also has something similar, but I never looked into it.
AMD have a whitepaper available with an overview on how this stuff works, if you’re interested: https://www.amd.com/system/files/TechDocs/memory-encryption-white-paper.pdf