linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
* RAM encryption and key storing in CPU
@ 2015-05-21 10:17 ngabor
  0 siblings, 0 replies; 3+ messages in thread
From: ngabor @ 2015-05-21 10:17 UTC (permalink / raw)
  To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com,
	tj@kernel.org, cl@linux-foundation.org

[-- Attachment #1: Type: text/plain, Size: 929 bytes --]

Hello,



==========

Problem:



Everything is stored in plaintext in the Memory.



So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:



https://citp.princeton.edu/research/memory/media/



==========

Solution:



Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?



https://www1.informatik.uni-erlangen.de/tresor



Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?



*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.



Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 1378 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: RAM encryption and key storing in CPU
@ 2015-05-23  9:01 ngabor
  0 siblings, 0 replies; 3+ messages in thread
From: ngabor @ 2015-05-23  9:01 UTC (permalink / raw)
  To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com,
	tj@kernel.org, cl@linux-foundation.org

[-- Attachment #1: Type: text/plain, Size: 1191 bytes --]

Any comments?


-------- Original Message --------

Subject: RAM encryption and key storing in CPU

Time (GMT): May 21 2015 10:17:25

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hello,



==========

Problem:



Everything is stored in plaintext in the Memory.



So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:



https://citp.princeton.edu/research/memory/media/



==========

Solution:



Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?



https://www1.informatik.uni-erlangen.de/tresor



Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?



*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.



Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 1756 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: RAM encryption and key storing in CPU
@ 2015-06-19 17:22 ngabor
  0 siblings, 0 replies; 3+ messages in thread
From: ngabor @ 2015-06-19 17:22 UTC (permalink / raw)
  To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com,
	tj@kernel.org, cl@linux-foundation.org

[-- Attachment #1: Type: text/plain, Size: 1453 bytes --]

Hallo? :)


-------- Original Message --------

Subject: Re: RAM encryption and key storing in CPU

Time (GMT): May 23 2015 09:01:26

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Any comments?


-------- Original Message --------

Subject: RAM encryption and key storing in CPU

Time (GMT): May 21 2015 10:17:25

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hello,



==========

Problem:



Everything is stored in plaintext in the Memory.



So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:



https://citp.princeton.edu/research/memory/media/



==========

Solution:



Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?



https://www1.informatik.uni-erlangen.de/tresor



Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?



*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.



Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 2133 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-06-19 17:22 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-05-21 10:17 RAM encryption and key storing in CPU ngabor
  -- strict thread matches above, loose matches on Subject: below --
2015-05-23  9:01 ngabor
2015-06-19 17:22 ngabor

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).