"On x86-64, there are two CPU settings which control the kernel’s ability to access memory."
There are a couple more than two, even in 2021.
Memory Protection Keys come to mind, as do the NPT/EPT tables when virtualization is in play. SEV and SGX also have their own ways of preventing the kernel from writing to memory. The CPU also has range registers that protect certain special physical address ranges, like the TDX module's range. You can't write there either.
That's all that comes to mind at the moment. It's definitely a fun question!
A thought: do MPK actually control the kernel's ability to access memory? On Intel, I think if you try to read that memory, a page fault won't be thrown. Although with PKS, kernel reads will cause a page fault.
So can the kernel (ring0) freely read/write to memory encrypted with MPK? I think so, yes. Good luck with whatever happens next tho lol