MID-065: RAM Encryption

Mitigation Tier: Intermediate

Description

Some modern processors from Intel, AMD, and ARM include support for dynamically encrypting portions of memory to create secure enclaves for sensitive processes or virtual machines. This mechanism prevents unauthorized accesses to the cleartext contents of these memory regions from attacks such as (i) memory extraction through direct reads like in a Coldboot attack, (ii) DMA access to data in volatile memory not in active use, (iii) privilege escalation that gives processes direct memory reads, (iiii) reading memory being transferred into/out of volatile memory, and (iv) can prevent RowHammer-style attacks from targeting specific bit flip manipulations (e.g., for privilege escalation) and reduce them to denial of service.

IEC 62443 4-2 Mappings

• CR 4.1 – Information confidentiality

References

[1] Intel. “Runtime Encryption of Memory with Intel® Total Memory Encryption–Multi-Key.” intel.com. Accessed: Aug. 28, 2024. [Online]. Available: https://www.intel.com/content/www/us/en/developer/articles/news/runtime-encryption-of-memory-with-intel-tme-mk.html

[2] D. Kaplan, J. Powell, T. Woller, ”AMD Memory Encryption,” amd.com, 2021. Accessed: Aug. 28, 2024. [Online]. Available: https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/memory-encryption-white-paper.pdf

[3] ARM. “Learn the Architecture – Realm Management Engine.” arm.com. Accessed: Aug. 28, 2024. [Online]. Available: https://developer.arm.com/documentation/den0126/0100/Overview

MID-065