Modern processors are designed to protect sensitive data in memory from both hardware and software attacks. Some processors provide cryptographic mechanisms for encryption, integrity, and replay protection. Memory encryption protects the confidentiality of memory-resident data (e.g., data stored to off-die memory). Integrity protection, by contrast, prevents an attacker from causing hidden modifications to the ciphertext in memory (ciphertext being encrypted data, as opposed to plaintext, which is unencrypted data), and replay protection eliminates undetected temporal substitution of the ciphertext. In the absence of such protections, an attacker with physical access to the system can record snapshots of data cache lines from the processor and replay them at a later point in time.
Memory encryption is primarily designed to protect against passive attacks, in which an attacker tries to silently observe data cache lines as they move on and off the processor die. Some processors include an encryption module that encrypts sensitive data before it is stored into a protected region of the memory. On a memory read to the protected region, the data cache line is decrypted before being fed into the processor.
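The following added example (not part of the original text) models the three protections described above in Python, so the difference between integrity protection alone and integrity plus replay protection can be observed. HMAC-SHA256 as the integrity tag, a SHAKE-256 keystream as a stand-in cipher, a per-line version counter held on-die, the 64-byte line size, and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac

LINE = 64  # assumed cache-line size in bytes

class ProtectedMemory:
    """dram is attacker-visible off-die memory; key and versions stay on-die."""
    def __init__(self, key, replay_protection):
        self.key, self.replay_protection = key, replay_protection
        self.dram = {}      # addr -> (ciphertext, tag)
        self.versions = {}  # addr -> write counter (assumed on-die state)

    def _ctx(self, addr):
        # Without replay protection the version is fixed at 0 for every write.
        ver = self.versions.get(addr, 0) if self.replay_protection else 0
        return addr.to_bytes(8, "little") + ver.to_bytes(8, "little")

    def _crypt(self, addr, data):
        # Stand-in keystream from SHAKE-256, not a real memory cipher.
        pad = hashlib.shake_256(b"enc" + self.key + self._ctx(addr)).digest(LINE)
        return bytes(d ^ p for d, p in zip(data, pad))

    def _tag(self, addr, ct):
        return hmac.new(self.key, b"mac" + self._ctx(addr) + ct, hashlib.sha256).digest()

    def write(self, addr, plaintext):
        self.versions[addr] = self.versions.get(addr, 0) + 1
        ct = self._crypt(addr, plaintext)
        self.dram[addr] = (ct, self._tag(addr, ct))

    def read(self, addr):
        ct, tag = self.dram[addr]
        if not hmac.compare_digest(tag, self._tag(addr, ct)):
            raise ValueError("integrity/replay check failed")
        return self._crypt(addr, ct)

def attack_outcomes(replay_protection):
    mem = ProtectedMemory(b"constructed-demo-key", replay_protection)
    mem.write(0x1000, b"A" * LINE)
    snapshot = mem.dram[0x1000]                  # attacker records the old line
    mem.write(0x1000, b"B" * LINE)
    ct, tag = mem.dram[0x1000]
    out = {"ciphertext_differs": ct != b"B" * LINE}
    for name, forged in (("tamper", (bytes([ct[0] ^ 1]) + ct[1:], tag)),
                         ("replay", snapshot)):
        mem.dram[0x1000] = forged                # attacker overwrites off-die memory
        try:
            out[name] = mem.read(0x1000)         # accepted: returns plaintext
        except ValueError:
            out[name] = "rejected"
    return out
```

With `attack_outcomes(False)` the recorded line passes the integrity check and decrypts to the stale data, while `attack_outcomes(True)` rejects it; the single-bit modification is rejected in both cases.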