AMD's memory encryption (aka SME)
grarpamp
grarpamp at gmail.com
Mon Jan 25 08:55:48 UTC 2021
> does anyone have an opinion on AMD's "Secure Memory Encryption"? This
> transparently encrypts all/most RAM pages.
> Looking at some tech docs, this seems fairly easy to implement.
> I was wondering if someone has attempted that already, or knows of
> reasons why not to.
Consider applications to rowhammer, cold boot attacks, shared
hosting, VM, poison, etc. There are papers on some use cases.
AMD SME has some different levels, with EPYC being full
featured, TR and PRO differently, then even consumer CPU last.
FreeBSD should also implement a sysctl that writes random
to all memory (even over kernel) just before halt / reboot call.
Similar for unallocated upon sleep, upon alloc release,
and as background scrub.
The user can already choose random upon alloc with malloc.conf,
but that is different from the above.
Also: memtest86[+] integration.
More information about the freebsd-hackers mailing list