![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Memory encryption is only useful for certain types of hacks, if a user has access to a system for more than 30 minutes, memory encryption won't be able to stop them. Memory encryption only helps with when memory is in a non volatile state which is when you shut down after connecting to a server *encrypted hard drive*, which usually ram looses its data integrity fairly quickly, should be done within 5 minutes after power down. If the ram is cooled then it can last up to 10 or 15 minutes.
For cloud servers, if the provider has been infiltrated by someone that knows exactly what they are looking for, that is the only thing memory encryption will stop from a quick hit and run. And if a person has infiltrated the service, those guys arn't looking for a quick hit and run. Or the cloud service can't be trusted is, well that doesn't work because they have as much time as want to decrypt HD's.
This is why its just a nice feature to have, not a must have. If a cloud service provider is compromised, oh boy I'll bet my house they are not going for whats in the memory lol, they are going for a hell of a lot more and most likely they will get it. All they have to do is copy the HD's and they can decrypt them at their own pace. They aren't going to be doing that at place of work either. And if they spent the time to infiltrate a provider the seriousness of a cold boot hack is kinda moot. Doing a cold boot hack and then sitting around and copying the files while work is going on is not the smartest thing to do, copy everything as quick as possible and go elsewhere to decrypt em. That way the thief doesn't get caught red handed. If he is bold enough or stupid enough to sit around while he does a cold boot hack and then have time to go through the files and think he won't be noticed, man he must be really that good of spy lol or a really crappy security at the cloud server provider in the first place, the client should go else where.
Now if someone steals a laptop or what not that is a different matter, they still have limited time to do what they can to get the cold boot to work, so its not must have thing, if the user of the laptop is smart they will know how to shut down their laptop properly so that can't happen.
Well as you can see Intel already has something similar.... So is it really that big of deal now?
BTW fogot to add Zen will only have SME when its released, SEV which could be somewhat better in some instances over Intel's SGX 1.0 (Intel's SGX 1.0 is better in other areas too like when the OS is compromised SGX 1.0 can still function on an application level where AMD's SEV and SME can't again SEV won't be out and no one knows when it will be out). Right now Intel's SGX isn't fully implemented in end user run time environment either only in developer mode is it usable, probably will change soon though.
Pro's and cons of both, Intel's SGX requires a bit more work for 3rd party integration for now, so SME is easier to integrate from 3rd parties, but SGX in the future will be able to do this too, because right now SGX is driver controlled but it can be OS controlled (Linux and its derivatives have to incorporate it in as do they have to do with AMD's SEV or SME) which hasn't been fully implemented yet, and they have planned on that right from the start. Also there are much bigger changes for SGX 2.0 which will incorporate both the Intel driver and OS and 3rd party integration which should give even more protection, Skylake Xeons are expected to have this, which will be the direct competitor to Zen. And that will be more than what SEV can provide, much more pretty much its the whole enchilada.
PS
Interestingly enough SGX and SME both were released to Linux days within each other so neither AMD nor Intel have a time advantage here, Although Intel has had their hardware out earlier so developers might be working with SGX for more time though. So Intel has a good year and half advantage for their encryption methods.
Intel has been working with MS to get SGX incorporated into Windows which will become SGX 2.0, so I think they have quite a bit of lead.
Now SEV, SEM, keep this in mind, if the kernel of the OS is compromised they will not be able to protect you at all! At least from what I have read so far and the developer videos I've just watched. And we all know rootkits try to do this and this is why I stated AMD's encryption will not stop hackers. Might slow them down but won't stop em. And if a hacker has direct access to the hardware, forget about it, it will be done and over with.
Hopefully this post kills off the overhype?
Last edited:
