
AMD details its Zen hardware level encryption

NumLock21

In this age where almost everything has gone digital, protecting personal information and login credentials is extremely important. But no matter how many layers of security are implemented, there is always an area we might have missed, and that opens a backdoor where hackers can get access. Maybe AMD ZEN is about to change all this, with their SME and SEV hardware-level encryption.

Security Memory Encryption, or SME for short, is one of the exclusive features found in AMD Zen. The security feature protects users' data from hackers by encrypting system memory. As has been shown in the past, even after the system is turned off, information such as passwords or other login credentials is still stored in system memory. If hackers can gain access to it, they can easily read that sensitive information, since the data is unencrypted and in plain text.

Next is Security Encrypted Virtualization (SEV). It's similar to SME, but it's for virtual machines. This is what AMD has to say about it:

Quote

When enabled, SEV hardware tags all code and data with its VM ASID which indicates which VM the data originated from or is intended for. This tag is kept with the data at all times when inside the SOC, and prevents that data from being used by anyone other than the owner. While the tag protects VM data inside the SOC, AES with 128 bit encryption protects data outside the SOC.

Both of these features are found in AMD's secure co-processor based on the ARM Cortex A5, that's built right into the Zen CPU.

amd-zen-secure-processor_01.jpg

 

http://digiworthy.com/2016/10/12/amd-zen-sme-sev-encryption-features-detailed/

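To make the two features above concrete, here is an added example (not from the post or from AMD): it decodes the CPUID leaf that advertises SME/SEV and the "C-bit" that marks a page as encrypted, shows how a page-table entry gets that bit set, and picks the memory-encryption flags out of a /proc/cpuinfo dump. The register layout follows AMD's public CPUID documentation for leaf 0x8000001F; the register values and the cpuinfo text are constructed samples.

```python
from dataclasses import dataclass

CPUID_MEM_ENCRYPT_LEAF = 0x8000001F  # "Encrypted Memory Capabilities" leaf

@dataclass
class MemEncryptCaps:
    sme: bool                 # EAX[0]   Secure Memory Encryption supported
    sev: bool                 # EAX[1]   Secure Encrypted Virtualization supported
    sev_es: bool              # EAX[3]   SEV with encrypted guest register state
    cbit_position: int        # EBX[5:0] page-table bit that marks a page encrypted
    phys_addr_reduction: int  # EBX[11:6] physical address bits consumed by the C-bit
    max_sev_guests: int       # ECX      encrypted guests (ASIDs) supported at once
    min_sev_asid: int         # EDX      lowest ASID usable by a SEV (non-ES) guest

def decode_mem_encrypt_leaf(eax: int, ebx: int, ecx: int, edx: int) -> MemEncryptCaps:
    """Decode the four registers returned by CPUID 0x8000001F."""
    return MemEncryptCaps(
        sme=bool(eax & 1),
        sev=bool((eax >> 1) & 1),
        sev_es=bool((eax >> 3) & 1),
        cbit_position=ebx & 0x3F,
        phys_addr_reduction=(ebx >> 6) & 0x3F,
        max_sev_guests=ecx,
        min_sev_asid=edx,
    )

def set_cbit(pte: int, caps: MemEncryptCaps) -> int:
    """Mark a page-table entry encrypted. With SME active the hardware encrypts
    every page whose PTE has the C-bit set; the kernel sets it for all of RAM."""
    return pte | (1 << caps.cbit_position)

def page_is_encrypted(pte: int, caps: MemEncryptCaps) -> bool:
    return bool((pte >> caps.cbit_position) & 1)

MEM_ENCRYPT_FLAGS = {"sme", "sev", "sev_es"}  # names Linux uses in /proc/cpuinfo

def mem_encrypt_flags(cpuinfo_text: str) -> set:
    """Return which memory-encryption flags the first 'flags' line lists."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return {f for f in line.split(":", 1)[1].split() if f in MEM_ENCRYPT_FLAGS}
    return set()

# Constructed sample: SME+SEV+SEV-ES, C-bit 47, 5 address bits reduced, 509 guest ASIDs
SAMPLE_REGS = (0xB, (5 << 6) | 47, 0x1FD, 0x1)
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme de pse sme sev sev_es\n"

if __name__ == "__main__":
    caps = decode_mem_encrypt_leaf(*SAMPLE_REGS)
    print(caps, mem_encrypt_flags(SAMPLE_CPUINFO))
    print(hex(set_cbit(0x1003, caps)))  # PTE for page 0x1000, now marked encrypted
```

On a real host, swap `SAMPLE_CPUINFO` for the contents of /proc/cpuinfo; an `sme` flag only says the CPU supports it, and whether the kernel actually enabled it is a separate question.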

Is that a heat map? Are they giving us this to see how hot that AMD is?


Just now, Jed M said:

Yay! My porn is now encrypted! 


why!?!?

it's extra silicon that will draw power, will need to be cooled for barely anyone in end-user sector to use

this is some enterprise grade level shit that could be useful, but not in every ZEN SKU


6 minutes ago, zMeul said:

why!?!?

it's extra silicon that will draw power, will need to be cooled for barely anyone in end-user sector to use

this is some enterprise grade level shit that could be useful, but not in every ZEN SKU

Well, the massive Target breach was made possible by using RAM scrapers that were installed on retail machines. RAM scrapers are actually one of the fastest growing types of attacks out there due to there not being many protections.


1 minute ago, DeadEyePsycho said:

Well, the massive Target breach was made possible by using RAM scrapers that were installed on retail machines. RAM scrapers are actually one of the fastest growing types of attacks out there due to there not being many protections.

again, enterprise use and not home use


6 minutes ago, zMeul said:

again, enterprise use and not home use

Except that it isn't. Anyone can get a RAM Scraper.


20 minutes ago, zMeul said:

again, enterprise use and not home use

 

12 minutes ago, DeadEyePsycho said:

Except that it isn't. Anyone can get a RAM Scraper.

I work for one of said enterprises and regularly log into work remotely using retail laptops, and my home computer. 

 

Enterprise security is only as strong as its weakest point. 


4 minutes ago, Belgarathian said:

 

I work for one of said enterprises and regularly log into work remotely using retail laptops, and my home computer. 

 

Enterprise security is only as strong as its weakest point. 

The retail machines in question were Windows based cash registers but you are exactly correct in all forms of cyber security. Usually the weakest point is a human though. 


1 hour ago, zMeul said:

why!?!?

it's extra silicon that will draw power, will need to be cooled for barely anyone in end-user sector to use

this is some enterprise grade level shit that could be useful, but not in every ZEN SKU

you do know Intel has had similar systems for a while, although not as extensive?

also, I bet it's something you turn on/off inside the BIOS, just like with Intel's security features


1 hour ago, Prysin said:

you do know Intel has had similar systems for a while, although not as extensive?

also, I bet it's something you turn on/off inside the BIOS, just like with Intel's security features

People forget that you can turn parts of most CPUs off. For example, I can disable the L2 cache on any CPU that I install on my Jetway 994 AN-L and Abit VP6. And I can disable Hyperthreading and a lot of other features on my 4790K. Hyperthreading/SMT has a far greater impact on thermals and power consumption than hardware-level encryption, FYI @zMeul


7 hours ago, zMeul said:

why!?!?

it's extra silicon that will draw power, will need to be cooled for barely anyone in end-user sector to use

this is some enterprise grade level shit that could be useful, but not in every ZEN SKU

Assuming that it is completely powered by the Cortex A5 and not special hardware, it will use like 0.1 watts (that's for an A5 at 1GHz, 40nm process and the optional NEON instruction support) ... Fixed-function hardware would lower it even further.

 

It will not be an issue. 

 

 

Edit: I looked it up. It's handled by fixed function hardware. Power consumption and heat will not be an issue. 


This is pretty awesome, nice one AMD.


6 hours ago, Dabombinable said:

People forget that you can turn parts of most CPUs off. For example, I can disable the L2 cache on any CPU that I install on my Jetway 994 AN-L and Abit VP6. And I can disable Hyperthreading and a lot of other features on my 4790K. Hyperthreading/SMT has a far greater impact on thermals and power consumption than hardware-level encryption, FYI @zMeul

disabling shit doesn't actually cut power to it

do you have a CPU with integrated graphics and a Kill-A-Watt gizmo? plug that in and measure the idle power draw with the IGP, enabled and disabled - you'll see no difference


8 hours ago, Belgarathian said:

 

I work for one of said enterprises and regularly log into work remotely using retail laptops, and my home computer. 

 

Enterprise security is only as strong as its weakest point. 

and?! you buy exactly what you need

if that company you work for would actually care about security you would not log in from your home PC


4 minutes ago, zMeul said:

disabling shit doesn't actually cut power to it

do you have a CPU with integrated graphics and a Kill-A-Watt gizmo? plug that in and measure the idle power draw with the IGP, enabled and disabled - you'll see no difference

It's not under load or in use, ergo the power consumption is significantly reduced. An iGPU at idle doesn't consume the same amount as one under load, BTW.


Just now, Dabombinable said:

It's not under load or in use, ergo the power consumption is significantly reduced. An iGPU at idle doesn't consume the same amount as one under load, BTW.

I wasn't talking under load, I specifically said IDLE


Well, I suppose having a layer of security on the memory, even when turned off, is all good, but what system memory is it? The CPU encrypts the drives and you can even double-encrypt the drives directly xD?

 

I think the next step in security is assuring that even when the computer is powered off, a mechanism won't allow electricity to flow through the PSU without credentials that are stored in a memory outside of itself (something like a PSU IronKey drive xD).

 

Encrypted Power Supply -> Badass


1 hour ago, LAwLz said:

Edit: I looked it up. It's handled by fixed function hardware.

and I facepalm again

security needs updates from time to time - how are they going to do that with fixed hardware? well, they'll need a software layer on top, that will lead to CPU % load

 

----

 

and on a related note: when someone asks for an AV, people recommend that piece of shit Windows Defender instead of a tested commercial AV product

now, the same people hail AMD's ARM chip inside a CPU - go figure, because I can't -_-


24 minutes ago, Dabombinable said:

Its not under load or in use, ergo the power consumption is significantly reduced. An iGPU at idle doesn't consume the same amount as one under load BTW.

and here's something else: https://cseweb.ucsd.edu/~swanson/papers/IEEEMicro2011GreenDroid.pdf

Quote

Our research attacks a key technological problem for microprocessor architects, which we call the utilization wall.1 The utilization wall says that, with each process generation, the percentage of transistors that a chip design can switch at full frequency drops exponentially because of power constraints. A direct consequence of this is dark silicon —large swaths of a chip’s silicon area that must remain mostly passive to stay within the chip’s power budget. Currently, only about 1 percent of a modest-sized 32-nm mobile chip can switch at full frequency within a 3-W power budget. With each process generation, dark silicon gets exponentially cheaper, whereas the power budget is becoming exponentially more valuable.

what that means is for "silicon" to be ready for use, it needs to actually be powered


11 minutes ago, zMeul said:

and here's something else: https://cseweb.ucsd.edu/~swanson/papers/IEEEMicro2011GreenDroid.pdf

what that means is for "silicon" to be ready for use, it needs to actually be powered

I think you misunderstood what dark silicon means.

https://en.wikipedia.org/wiki/Dark_silicon

 

It simply means that within a TDP, only a certain amount of the silicon can be powered on.


29 minutes ago, zMeul said:

and I facepalm again

security needs updates from time to time - how are they going to do that with fixed hardware? well, they'll need a software layer on top, that will lead to CPU % load

 

----

 

and on a related note: when someone asks for an AV, people recommend that piece of shit Windows Defender instead of a tested commercial AV product

now, the same people hail AMD's ARM chip inside a CPU - go figure, because I can't -_-

Why would they need to update the hardware security? They don't update their current hardware securities, are you also complaining about that?

They could probably do some firmware updates. The ARM microprocessor will handle the load.

 

Because Windows Defender yields almost the same detection rate on the most common attacks.

And how are those subjects even related? Also, AMD already got ARM chip inside their SoC today, IIRC.
