a thought: do MPK actually control the kernel's ability to access memory? on intel, i think if you try to read that memory, a page fault wont be thrown. although with PKS, kernel reads will cause a page fault.
replyso can the kernel (ring0) freely read/write to memory encrypted with MPK? I think so, yes. good luck with whatever happens next tho lol
There are two versions of MPK. One is only applicable to userspace pages. The other is newer and can be applied to kernel space pages; last time I checked, this was only available on newer Xeon processors.
replyBy the way, MPK memory is not encrypted. The key is just an identifier for the requestor. If it doesn’t match the same identifier for the memory page, then an exception is raised.