https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-do-we-enable-Intel-TME-Total-Memory-Encryption-and-evaluate/m-p/1652660#M6287 <P><SPAN>Is there a guide or a demo showing the steps for enabling TME in BIOS and then evaluating whether the DRAM is encrypted correctly?<BR /><BR /><A href="https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/hardware-shield/total-memory-encrpytion.html" target="_blank">https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/hardware-shield/total-memory-encrpytion.html</A></SPAN></P><P>&nbsp;</P><P><SPAN>The following picture shows that when 'Total Memory Encryption Bypass' is disabled, it indicates that TME is enabled. Is right?</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="da313c6a-6c47-471a-b1e5-d8da60a10e9f.png" style="width: 999px;"><img src="https://community.intel.com/t5/image/serverpage/image-id/61406i1E55C96254184485/image-size/large/is-moderation-mode/true?v=v2&amp;px=999&amp;whitelist-exif-data=Orientation%2CResolution%2COriginalDefaultFinalSize%2CCopyright" role="button" title="da313c6a-6c47-471a-b1e5-d8da60a10e9f.png" alt="da313c6a-6c47-471a-b1e5-d8da60a10e9f.png" /></span></P> Fri, 27 Dec 2024 10:54:35 GMT Bronze_me 2024-12-27T10:54:35Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-do-we-enable-Intel-TME-Total-Memory-Encryption-and-evaluate/m-p/1652660#M6287 <P><SPAN>Is there a guide or a demo showing the steps for enabling TME in BIOS and then evaluating whether the DRAM is encrypted correctly?<BR /><BR /><A href="https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/hardware-shield/total-memory-encrpytion.html" target="_blank">https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/hardware-shield/total-memory-encrpytion.html</A></SPAN></P><P>&nbsp;</P><P><SPAN>The following picture shows that when 'Total Memory Encryption Bypass' is disabled, it indicates that TME is enabled. Is right?</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="da313c6a-6c47-471a-b1e5-d8da60a10e9f.png" style="width: 999px;"><img src="https://community.intel.com/t5/image/serverpage/image-id/61406i1E55C96254184485/image-size/large/is-moderation-mode/true?v=v2&amp;px=999&amp;whitelist-exif-data=Orientation%2CResolution%2COriginalDefaultFinalSize%2CCopyright" role="button" title="da313c6a-6c47-471a-b1e5-d8da60a10e9f.png" alt="da313c6a-6c47-471a-b1e5-d8da60a10e9f.png" /></span></P> Fri, 27 Dec 2024 10:54:35 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-do-we-enable-Intel-TME-Total-Memory-Encryption-and-evaluate/m-p/1652660#M6287 Bronze_me 2024-12-27T10:54:35Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-do-we-enable-Intel-TME-Total-Memory-Encryption-and-evaluate/m-p/1654731#M6292 <P>The TME Bypass feature is used to allow non-trusted software (ie. standard, non-confidential VMs that aren't utilizing Intel TDX) to automatically bypass the memory encryption flows in the memory subsystem/controller.&nbsp; You can read a bit more about it at this link:&nbsp;&nbsp;<A href="https://www.intel.com/content/www/us/en/developer/articles/technical/trust-domain-extensions-on-4th-gen-xeon-processors.html" target="_blank">Performance Considerations: Intel® Trust Domain Extensions</A></P> Mon, 06 Jan 2025 15:14:55 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-do-we-enable-Intel-TME-Total-Memory-Encryption-and-evaluate/m-p/1654731#M6292 Scott_R_Intel 2025-01-06T15:14:55Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-do-we-enable-Intel-TME-Total-Memory-Encryption-and-evaluate/m-p/1655670#M6295 <P>Thank you very much for your response. Our application scenario is as follows:</P><OL><LI>User A will deploy their Intel server (which supports Intel TME) in User B's local area network data center.</LI><LI>User A will deploy an application developed by A (such as a web service) on the server, and User A will deploy their data and code on the Intel server in B's data center.</LI><LI>User A will only provide B with an HTTPS interface, and User A will independently maintain the Intel server, with only A having login access.</LI><LI>Based on the above description, A wishes to use the Intel TME mechanism to encrypt memory to defend against physical attacks (such as cold boot attacks and memory dump attacks) from B's data center (e.g., by B's data center personnel).</LI><LI>A wants to enable TME directly in the BIOS (without needing TDX or TME-MK), so that A does not need to make any modifications to the system software (Linux kernel) or application software.</LI></OL><P>Therefore, the question in this scenario is that we only need Intel TME, so Intel TME bypass must be configured as disabled to ensure the security of A's data, correct?</P> Thu, 09 Jan 2025 09:38:49 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-do-we-enable-Intel-TME-Total-Memory-Encryption-and-evaluate/m-p/1655670#M6295 Bronze_me 2025-01-09T09:38:49Z