Does anyone else experience the Ubuntu Kernel Malfunction: “Total Memory Encryption” Intel-MKTME bypass.
Ubuntu 23.10 (and below)
Linux Kernel 6.2 (and below)
Grub 2 - 9.10 (and below)
Note: Including LTS versions.
Briefing:
This technology encrypts the platform's entire memory with multiple encryption keys. Intel® Total Memory Encryption (Intel® TME), when enabled via BIOS configuration, ensures that all memory accessed from the Intel processor is encrypted.
Acknowledgment:
“kernel: x86/mktme: No known encryption algorithm is supported:” (random numerical value for each instance here) i.e., “0x6”
Details:
During installation and after, a prompt displays after the grub display, flashing the above acknowledged quoted dialog. This does not happen on other operating systems such as Fedora, or Kali, I have tried multiple flavors based on either major platform. This issue is persistent and has been relevant for a few years now, I first noticed it on 20.04, hoping this update was finally noticed by someone who gave a care to report or have this looked into. Disabling TME is not a resolution.
== MKTME-Provided Mitigations ==
MKTME adds a few mitigations against attacks that are not mitigated when using TME alone. The first set are mitigations against software attacks that are familiar today:
* Kernel Mapping Attacks: information disclosures that leverage the kernel direct map are mitigated against disclosing user data.
* Freed Data Leak Attacks: removing an encryption key from the hardware mitigates future user information disclosure.
The next set are attacks that depend on specialized hardware, such as an “evil DIMM” or a DDR interposer:
* Cross-Domain Replay Attack: data is captured from one domain (guest) and replayed to another at a later time.
* Cross-Domain Capture and Delayed Compare Attack: data is captured and later analyzed to discover secrets.
* Key Wear-out Attack: data is captured and analyzed in order to weaken the AES encryption itself.
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Disclosed Information for more information if necessary.