You absolutely can have that and more, what we in industry, attestation on Linux. Though the most obvious adaptation of that would the confidential computing space for key bits of the game data instead of the whole fucking OS. Though hardware level memory encryption is a server CPU feature that I don’t think any desktop ones support yet
Ryzen so-called “AI” Max Pro has hardware level memory encryption, at least it does on my HP ZBook. But it might be actually be the first laptop to do that as far as I know
Ahh, it’s a got a system called Memory Guard but that is just brand name for Transparent SME. Which still, freaking finally, that’s awesome. Though in the context of confidential computing, where container/VM memory spaces are assured through encryption it doesn’t help since there is no granular page control just the entire memory system transparently to the system above.
Though I’m not sure if that is a hardware, firmware, or driver limitation (I think below driver because of the reports I saw of fedora failing to boot with the kernel flag set to use it).
On my laptop it seems totally transparent to the OS, but I haven’t tried setting any kernel params for it, didn’t even occur to me there was such a thing but it’d make sense if there is
You absolutely can have that and more, what we in industry, attestation on Linux. Though the most obvious adaptation of that would the confidential computing space for key bits of the game data instead of the whole fucking OS. Though hardware level memory encryption is a server CPU feature that I don’t think any desktop ones support yet
Yeah confidential compute would be the way to go. But it’s expensive and not mainstream yet
Worse yet is gaming is normally a lot PCIe data, that encryption is still very expensive performance wise.
Ryzen so-called “AI” Max Pro has hardware level memory encryption, at least it does on my HP ZBook. But it might be actually be the first laptop to do that as far as I know
Ahh, it’s a got a system called Memory Guard but that is just brand name for Transparent SME. Which still, freaking finally, that’s awesome. Though in the context of confidential computing, where container/VM memory spaces are assured through encryption it doesn’t help since there is no granular page control just the entire memory system transparently to the system above.
Though I’m not sure if that is a hardware, firmware, or driver limitation (I think below driver because of the reports I saw of fedora failing to boot with the kernel flag set to use it).
https://en.wikichip.org/wiki/x86/sme
On my laptop it seems totally transparent to the OS, but I haven’t tried setting any kernel params for it, didn’t even occur to me there was such a thing but it’d make sense if there is
Ooohh, awesome! I gotta check that out then.