[$] A proposed API for full-memory encryption

Hardware memory encryption is, or will soon be, available on multiple
generic CPUs. In its absence, data is stored — and passes between the
memory chips and the processor — in the clear. Attackers may be able to
access it by using hardware probes or by directly accessing the chips, which is
especially problematic with persistent memory. One new memory-encryption
offering is Intel's Multi-Key
Total Memory Encryption (MKTME) [PDF]; AMD's equivalent is called Secure Encrypted Virtualization
(SEV). The implementation of support for this
feature is in progress for the Linux kernel. Recently, Alison Schofield proposed a user-space API for MKTME, provoking
a long discussion on how memory encryption should be
exposed to the user, if at all.