| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 May 2015 11:21:40 -0400 From: "someone called" <someonecalled@...e-mail.net> To: linux-kernel@...r.kernel.org Subject: RAM encryption and key storing in CPU Hello, ========== Problem: Everything is stored in plaintext in the Memory. So if although full disc encryption is used on an ex.: Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running: https://citp.princeton.edu/research/memory/media/ ========== Solution: Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid these kind of attacks in general? Example patches (I am NOT related to them): https://www1.informatik.uni-erlangen.de/tresor Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it? *if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it. Thank you for your comments. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists