Intel® Optane™ Persistent Memory
Examine Issues Related to Intel® Optane™ Persistent Memory

Extended Asynchronous DRAM Refresh (eADR)+DRAM+Intel Optane Persistent Memory+Hardware Encryption

Aoyang-Tong
Beginner
2,854 Views

Hello, 

I'm glad to see that the Extended Asynchronous DRAM Refresh (eADR) can guarantee the persistence of the cache hierarchy. I would like to know whether the data flushed by eADR goes through the memory controller and is encrypted by the memory controller upon a system crash or power failure.

And if I equip both DRAM and Intel Optane Persistent Memory (App Direct Mode) in the server, does eADR flush the cached DRAM data to PM, or does eADR flush the cached DRAM data back to volatile DRAM upon a system crash or power failure?

Thanks.

0 Kudos
BrusC_Intel
Employee
2,774 Views

Hello, Aoyang-Tong.


Thank you for posting on the Intel Community Support forums.


I received your thread regarding this particular Persistent Memory 100 question, and I will be reviewing this with you.


There are some details we would like to obtain so we can confirm; please let me know the following:


1. What is the model of Persistent Memory being used?

2. What is the model of the server system/motherboard being used?

3. Are there any other system or case details you can share?


I will follow up on September 15th just in case.


Regards,


Bruce C.

Intel Customer Support Technician


0 Kudos
Aoyang-Tong
Beginner
2,730 Views

Hi, Bruce.


Currently, I'm using an Intel(R) Xeon(R) Gold 6330 CPU @ 2.00GHz with Intel Optane Persistent Memory 200 Series in App Direct Mode. I have noticed that the Extended Asynchronous DRAM Refresh (eADR) is supported in the 3rd generation Intel Xeon Scalable Processors, and that eADR can flush all data in the CPU cache to Optane PMem upon a system crash or power failure. I have also noticed that Intel Optane persistent memory has 256-AES hardware encryption in the memory controller. So, I would like to know whether the data flushed by eADR is encrypted in the memory controller during a system crash or power failure.

 

And if I equip both DRAM and Intel Optane Persistent Memory (App Direct Mode) in the server, does eADR flush the cached DRAM data to PM, or does eADR flush the cached DRAM data back to volatile DRAM (so the cached DRAM data will be lost) upon a system crash or power failure?

 

Thanks.

0 Kudos
BrusC_Intel
Employee
2,715 Views

Hello, Aoyang-Tong.


Thank you for the additional details.


Please allow us to review your inquiries, and I will get back to you as soon as possible.


Regards,


Bruce C.

Intel Customer Support Technician


0 Kudos
BrusC_Intel
Employee
2,708 Views

Hello, Aoyang-Tong.


We would like to share the following details regarding your questions.


The eADR feature is really the next level of the standard ADR capability.

 

  • This is how ADR (not eADR) works: "ADR ensures that, during a power loss, all pending writes sitting on the write pending queues (WPQs) of the memory controller are written to PMem. In addition, ADR places DRAM in self-refresh mode. Given that some non-volatile dual in-line memory modules (NVDIMMs) are composed of both DRAM and flash chips, self-refresh is key to ensuring data in DRAM is in a “safe” state before it is backed up to flash." That means DRAM data is kept in DRAM, but it will not be lost due to the self-refresh mode.
  • What eADR does is that it extends the domain to also include the CPU caches. This topic is well explained here: eADR: New Opportunities for Persistent Memory Applications

 

About the encryption question, all data written to the persistent memory is encrypted. That means data written due to the ADR/eADR feature will also be encrypted, because it's being written to the persistent memory.


If you have additional questions, please let me know, and I will follow up on September 18th just in case.


Regards,


Bruce C.

Intel Customer Support Technician


0 Kudos
Aoyang-Tong
Beginner
2,692 Views

Hi, Bruce.

 

Thank you for your reply. I have several more questions:

 

I'm still confused about "DRAM data is kept in DRAM, but it will not be lost due to the self-refresh mode". Does it mean DRAM data in the CPU cache is flushed back to DRAM upon a system crash or power failure? And if I equip DRAM without flash chips, is DRAM data in the CPU cache lost upon a system crash or power failure, as DRAM is volatile?

 

And I have noticed that Intel Optane persistent memory supports 256-AES hardware encryption, so when and where is data encrypted? Is data encrypted in the memory controller, or is data encrypted in the medium (so data in the memory controller is still plaintext)?

 

Another question is about Intel SGX. I have noticed that "On either series 100 or 200, once SGX is enabled the Persistent module is disabled." (see "Which processor supports both optane memory and SGX?") and "However, Intel is working to drive a solution for future platforms." (see "Intel SGX + DC Persistent Memory"). But these topics were posted 2 years ago, so I'm wondering if there are any updates on Intel SGX so that Intel SGX can work with Intel Optane Persistent Memory?

 

Thanks.

0 Kudos
BrusC_Intel
Employee
2,684 Views

Hello, Aoyang-Tong.


Thank you for the response.


We are currently reviewing your inquiries and I will provide you a response as soon as possible.


Regards,


Bruce C.

Intel Customer Support Technician


0 Kudos
BrusC_Intel
Employee
2,679 Views

Hello, Aoyang-Tong.


We would like to share the following regarding your questions.


About your first question, with eADR, data in the CPU cache is written to PMem.


For the second one regarding encryption, this is covered in the Security Section of the product brief; please see below:


While in Memory Mode the Intel® Optane™ persistent memory encryption key is removed when powered down and is regenerated at each boot. This means data is no longer accessible. In App Direct Mode data is encrypted using a key on the module. Intel® Optane™ persistent memory is locked at power loss and a passphrase is needed to unlock and access the data. The encryption key is stored in a security metadata region on the module and is only accessible by the Intel® Optane™ persistent memory controller. If repurposing or discarding the module, a secure cryptographic erase and DIMM over-write is utilized to keep data from being accessed.


Finally, regarding SGX, there have been no changes on this aspect: the Intel Optane Persistent Memory 200 Series does not work with Intel SGX to maintain security properties, and the latest platform released with support for this PMEM model is the Whitley platform, where this still applies.


If we can help you with anything else, please let me know, and I will follow up on September 18th just in case.


Regards,


Bruce C.

Intel Customer Support Technician


0 Kudos
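
Added example (not part of the thread or of Intel's documentation): on a Linux host, the libnvdimm driver exposes both properties discussed in the answer above under `/sys/bus/nd/devices`, which is the assumption this script makes. It reports whether each region's persistence domain includes the CPU caches (eADR) or only the memory controller (ADR), and each module's passphrase security state; the sample tree it runs on is constructed, not real hardware output.

```shell
#!/bin/sh
# Added example. Reads the Linux libnvdimm sysfs attributes:
#   regionN/persistence_domain : cpu_cache (eADR) | memory_controller (ADR)
#   nmemN/security             : disabled | unlocked | locked | ...

# pmem_audit [ROOT]: print one line per region and per DIMM found under ROOT.
pmem_audit() {
    root="${1:-/sys/bus/nd/devices}"
    for r in "$root"/region*; do
        [ -r "$r/persistence_domain" ] || continue
        dom=$(cat "$r/persistence_domain")
        case "$dom" in
            cpu_cache)         note="eADR: CPU caches are flushed on power fail" ;;
            memory_controller) note="ADR: only the write pending queues are flushed" ;;
            *)                 note="platform did not report a domain" ;;
        esac
        echo "${r##*/} domain=$dom ($note)"
    done
    for d in "$root"/nmem*; do
        [ -r "$d/security" ] || continue
        state=$(cat "$d/security")
        case "$state" in
            disabled) note="no passphrase set" ;;
            locked)   note="passphrase required before data is accessible" ;;
            unlocked) note="passphrase set, currently unlocked" ;;
            *)        note="other state, see kernel nvdimm security docs" ;;
        esac
        echo "${d##*/} security=$state ($note)"
    done
}

# Constructed sample tree (hypothetical values) so the example runs offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/region0" "$t/region1" "$t/nmem0" "$t/nmem1"
    echo cpu_cache         > "$t/region0/persistence_domain"
    echo memory_controller > "$t/region1/persistence_domain"
    echo locked            > "$t/nmem0/security"
    echo disabled          > "$t/nmem1/security"
    echo "$t"
}

sample=$(make_sample_tree)
pmem_audit "$sample"
rm -rf "$sample"
```

Run `pmem_audit` with no argument on a real host to read the live sysfs tree; a region reporting `memory_controller` means software still has to flush cache lines itself for stores to be durable.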
Aoyang-Tong
Beginner
2,666 Views

Hi, Bruce.

 

Thank you very much for your reply. It's clear to me now.

0 Kudos
BrusC_Intel
Employee
2,650 Views

Hello, Aoyang-Tong.


I'm happy to help.


This support thread will be closed right now, and it will no longer be monitored by Intel support, but if you require any type of assistance from Intel in the future, just open a new thread, or contact us using any of the available support methods:

- https://www.intel.com/content/www/us/en/support/contact-intel.html


Best regards,


Bruce C.

Intel Customer Support Technician


0 Kudos