a thought: does MPK actually control the kernel's ability to access memory? on Intel, i think if you try to read that memory, a page fault won't be thrown. although with PKS, kernel reads will cause a page fault.
so can the kernel (ring0) freely read/write to memory encrypted with MPK? I think so, yes. good luck with whatever happens next tho lol
There are two versions of MPK. One is only applicable to userspace pages. The other is newer and can be applied to kernel space pages; last time I checked, this was only available on newer Xeon processors.
By the way, MPK memory is not encrypted. The key is just an identifier for the requestor. If the requestor key doesn’t match the same identifier for the memory page, then an exception is raised.
Funnily enough, MPK isn’t new at all. It’s almost a reintroduction of a feature from Itanium.
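The key check described in the comments above, modelled in C as an added example that is not part of the thread: the key is a 4-bit tag in the page-table entry (bits 62:59), the thread's rights sit in PKRU as two bits per key, and the page contents stay in plaintext throughout. The struct and function names are made up for illustration, and only user-mode accesses to user pages are modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Software model for illustration only; all names here are hypothetical. */
enum access { ACC_READ, ACC_WRITE, ACC_FETCH };

/* data[] is stored as-is: the key tags the page, it does not encrypt it. */
struct page { uint64_t pte; uint8_t data[4]; };

/* The 4-bit protection key lives in PTE bits 62:59 (low bits: P, R/W, U/S). */
static uint64_t make_pte(unsigned key) { return ((uint64_t)(key & 0xF) << 59) | 0x7; }
static unsigned pte_pkey(uint64_t pte) { return (unsigned)((pte >> 59) & 0xF); }

/* PKRU layout: bit 2k = access-disable (AD), bit 2k+1 = write-disable (WD). */
static uint32_t pkru_set(uint32_t pkru, unsigned key, bool ad, bool wd) {
    pkru &= ~(3u << (2 * key));
    return pkru | (((ad ? 1u : 0u) | (wd ? 2u : 0u)) << (2 * key));
}

/* True if the access passes the key check; false where a page fault is raised. */
static bool pkru_allows(uint32_t pkru, uint64_t pte, enum access a) {
    unsigned bits = (pkru >> (2 * pte_pkey(pte))) & 3u;
    if (a == ACC_FETCH) return true;   /* keys gate data accesses, not fetches */
    if (bits & 1u) return false;       /* AD blocks reads and writes */
    return !(a == ACC_WRITE && (bits & 2u));
}

/* Returns the stored byte, or -1 where the hardware would fault. */
static int try_read(uint32_t pkru, const struct page *p, unsigned off) {
    return pkru_allows(pkru, p->pte, ACC_READ) ? p->data[off] : -1;
}

int main(void) {
    struct page secret = { make_pte(5), { 0x41, 0x42, 0x43, 0x44 } };
    uint32_t pkru = 0;                              /* all keys fully open */
    printf("open:      read -> %d\n", try_read(pkru, &secret, 0));
    pkru = pkru_set(pkru, 5, false, true);          /* key 5 read-only */
    printf("WD on 5:   write allowed? %d\n", pkru_allows(pkru, secret.pte, ACC_WRITE));
    pkru = pkru_set(pkru, 5, true, false);          /* key 5 no data access */
    printf("AD on 5:   read -> %d\n", try_read(pkru, &secret, 0));
    printf("raw bytes unchanged: 0x%02x\n", secret.data[0]);
    return 0;
}
```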