by crypty 3654 days ago
What does it do with the encrypted RAM? The only possibility I see is to take a sufficiently large block, decrypt it into the cache and run it there. But then again, if you need to jump out of the block, how does the CPU know which block to decrypt next?

Page faults... the hypervisor encrypts/decrypts on demand. Much the same as virtual memory works (just that the plain-text data is only ever in the internal cache).
My point is that it is impossible to know where the next code chunk is if it is properly encrypted. How does the page fault handler know which block to decrypt next without first decrypting the whole code module, where a module is a closed piece of code without jumps outside?

In my opinion every scheme to enable that will cripple the encryption.

The code is decrypted into internal SRAM and executed normally. Then an entirely normal page fault happens, at which point the hypervisor catches the trap, decrypts the data again into internal SRAM, maps it appropriately, and then allows the access to continue.
Will SGX help this feature?
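
Added example, not part of the thread or of any product discussed in it: a small simulation of the page-fault scheme described in the comments above, showing that the faulting address alone identifies the page to decrypt. The page size, SRAM capacity, key, memory image and the SHA-256 keystream (a toy stand-in for a real memory cipher) are all assumptions made for the demo.

```python
import hashlib

PAGE_SIZE = 64    # tiny pages keep the demo readable (assumption)
SRAM_PAGES = 2    # capacity of the simulated on-chip SRAM (assumption)

def keystream(key, page_no, length):
    """Toy per-page keystream: SHA-256 over key, page number and a counter."""
    out, counter = b"", 0
    while len(out) < length:
        block = key + page_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def xor_page(key, page_no, data):
    """Encrypt or decrypt one page (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, page_no, len(data))))

class EncryptedMemory:
    def __init__(self, key, image):
        self.key = key
        image += bytes(-len(image) % PAGE_SIZE)   # pad to whole pages
        self.ram = [xor_page(key, n, image[i:i + PAGE_SIZE])
                    for n, i in enumerate(range(0, len(image), PAGE_SIZE))]
        self.sram = {}     # page_no -> plaintext, insertion-ordered
        self.faults = []   # page numbers the handler was asked to decrypt

    def read(self, addr):
        page_no, offset = divmod(addr, PAGE_SIZE)
        if page_no not in self.sram:   # not mapped: this access traps
            self._page_fault(page_no)
        return self.sram[page_no][offset]

    def _page_fault(self, page_no):
        # The faulting address alone names the page; nothing else is decrypted.
        self.faults.append(page_no)
        if len(self.sram) >= SRAM_PAGES:
            del self.sram[next(iter(self.sram))]   # evict oldest (read-only demo)
        self.sram[page_no] = xor_page(self.key, page_no, self.ram[page_no])

def demo():
    image = bytes(range(256)) * 2   # constructed 512-byte "module" = 8 pages
    mem = EncryptedMemory(b"constructed-demo-key", image)
    # Access page 0, "jump" to page 6, then to page 1.
    values = [mem.read(a) for a in (3, 5, 6 * PAGE_SIZE + 10, 70)]
    return values, mem.faults, sorted(mem.sram)

if __name__ == "__main__":
    print(demo())
```

Only pages 0, 6 and 1 are ever decrypted, in the order they are touched; the other five pages of the image stay as ciphertext in `ram`.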