Ahh, it’s got a system called Memory Guard, but that is just a brand name for Transparent SME. Which still, freaking finally, that’s awesome. Though in the context of confidential computing, where container/VM memory spaces are assured through encryption, it doesn’t help, since there is no granular page control, just the entire memory system transparently to the system above.
Though I’m not sure if that is a hardware, firmware, or driver limitation (I think below driver because of the reports I saw of Fedora failing to boot with the kernel flag set to use it).
https://en.wikichip.org/wiki/x86/sme
On my laptop it seems totally transparent to the OS, but I haven’t tried setting any kernel params for it. It didn’t even occur to me there was such a thing, but it’d make sense if there is.