[$] A proposed API for full-memory encryption

Hardware memory encryption is, or will soon be, available on multiplegeneric CPUs. In its absence, data is stored - and passes between thememory chips and the processor - in the clear. Attackers may be able toaccess it by using hardware probes or by directly accessing the chips, which isespecially problematic with persistent memory. One new memory-encryptionoffering is Intel's Multi-KeyTotal Memory Encryption (MKTME) [PDF]; AMD's equivalent is called Secure Encrypted Virtualization(SEV). The implementation of support for thisfeature is in progress for the Linux kernel. Recently, Alison Schofield proposed a user-space API for MKTME, provokinga long discussion on how memory encryption should beexposed to the user, if at all.