Securing Memory at EPYC Scale

Cloudflare discusses their strategy of ensuring security by encrypting data both in transit and at rest. They explore the issue of data vulnerability when it's in use, specifically within RAM. The company investigates various technologies to protect against physical system attacks, such as enclaves. However, they find that Secure Memory Encryption (SME) offered by AMD EPYC processors provides a more comprehensive solution for encrypting all memory at scale. They test the performance impact of enabling SME and find it to be less than expected, thus reducing the worry of data exfiltration from a stolen server.