Protection of memory in computer systems is of paramount importance. Memory can be encrypted to protect the confidentiality, integrity and replay of memory data. Sections of memory can be encrypted using different types of encryption. Each type of encryption includes its own respective security metadata. For example a section of memory, such as a page of memory, may be encrypted using a first type of encryption and having first security metadata associated therewith and stored in memory. The same section of memory may be encrypted using a second type of encryption having a second type of security metadata associated therewith and stored in memory. The amount of memory required to provide this protection of memory in terms of security metadata results in a large amount of memory being taken up by the protection mechanism.
By way of example, one mode of encryption is known as Total Memory Encryption with integrity (TMEi) which targets protecting the confidentiality and integrity of an entire platform memory. TMEi also finds usages in protection against software data corruption. In order for TMEi to provide integrity protections, it requires security metadata to be stored in memory.
By way of example, another mode of encryption is known as Software Guard eXtensions (SGX) and uses a Memory Encryption Engine (MEE) to protect a fixed region of memory. While other types of encryption may be used, the following example is for explanation purposes. With SGX and TMEi co-existent on the platform, assuming no optimizations to reduce storage overheads for MEE, the current platforms will reserve a large piece of the system memory for security metadata, a significant overhead for the security.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.