A proposed API for full-memory encryption
The recent patch set from Schofield goes further, adding the user interface to set up the encryption and (optionally) the keys, and to assign key identifiers to memory regions; the patch set also adds a key store to support CPU hotplug. Setting up MKTME requires a few steps: create a key, map a region of anonymous memory, and enable the encryption. Problems could arise because the user’s mapping and the kernel’s direct mapping will have different keys for the same memory, so data corruption may occur.
Source: lwn.net