Today cloud data protection is a critical requirement, and it will be even more important in the future as we have more in-depth and sensitive data in the cloud for new types of workloads (such as IoT and machine learning). Since VM is the key container of such data, it is crucial to protect VM at-rest (as in storage), in-transit (as in network), and during execution. Encryption is considered as the foundation technology for VM protection, and there are established encryption technologies for VMs at-rest and in-transit. Intel® Multi-Key Total Memory Encryption (MKTME) is Intel's new memory encryption technology which supports VM memory encryption to complete VM protection in VM's entire lifecycle. In this presentation we give an introduction to Intel® MKTME, from background, to its hardware architecture, typical use cases in cloud, and our enabling work on Linux/KVM.
