========== Re: RAM encryption and key storing in CPU ==========

========== Re: RAM encryption and key storing in CPU ==========

[ngabor]

[-- Attachment #1: Type: text/plain, Size: 1730 bytes --]

Is anybody reading this?


-------- Original Message --------

Subject: Re: RAM encryption and key storing in CPU

Time (GMT): Jun 19 2015 17:22:49

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hallo? :)


-------- Original Message --------

Subject: Re: RAM encryption and key storing in CPU

Time (GMT): May 23 2015 09:01:26

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Any comments?


-------- Original Message --------

Subject: RAM encryption and key storing in CPU

Time (GMT): May 21 2015 10:17:25

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hello,



==========

Problem:



Everything is stored in plaintext in the Memory.



So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:



https://citp.princeton.edu/research/memory/media/



==========

Solution:



Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?



https://www1.informatik.uni-erlangen.de/tresor



Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?



*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.



Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 2526 bytes --]

Re: ========== Re: RAM encryption and key storing in CPU ==========

[ngabor]

[-- Attachment #1: Type: text/plain, Size: 2011 bytes --]

Hallo?


-------- Original Message --------

Subject: ========== Re: RAM encryption and key storing in CPU ==========

Time (GMT): Jun 23 2015 04:42:34

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Is anybody reading this?


-------- Original Message --------

Subject: Re: RAM encryption and key storing in CPU

Time (GMT): Jun 19 2015 17:22:49

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hallo? :)


-------- Original Message --------

Subject: Re: RAM encryption and key storing in CPU

Time (GMT): May 23 2015 09:01:26

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Any comments?


-------- Original Message --------

Subject: RAM encryption and key storing in CPU

Time (GMT): May 21 2015 10:17:25

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hello,



==========

Problem:



Everything is stored in plaintext in the Memory.



So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:



https://citp.princeton.edu/research/memory/media/



==========

Solution:



Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?



https://www1.informatik.uni-erlangen.de/tresor



Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?



*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.



Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 2923 bytes --]

Re: ========== Re: RAM encryption and key storing in CPU ==========

[ngabor]

[-- Attachment #1: Type: text/plain, Size: 2315 bytes --]

Is anyone reading this?




-------- Original Message --------

Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========

Time (UTC): August 4 2015 7:42 am

From: ngabor@protonmail.ch

To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

CC:

Hallo?


-------- Original Message --------

Subject: ========== Re: RAM encryption and key storing in CPU ==========

Time (GMT): Jun 23 2015 04:42:34

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Is anybody reading this?


-------- Original Message --------

Subject: Re: RAM encryption and key storing in CPU

Time (GMT): Jun 19 2015 17:22:49

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hallo? :)


-------- Original Message --------

Subject: Re: RAM encryption and key storing in CPU

Time (GMT): May 23 2015 09:01:26

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Any comments?


-------- Original Message --------

Subject: RAM encryption and key storing in CPU

Time (GMT): May 21 2015 10:17:25

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hello,



==========

Problem:



Everything is stored in plaintext in the Memory.



So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:



https://citp.princeton.edu/research/memory/media/



==========

Solution:



Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?



https://www1.informatik.uni-erlangen.de/tresor



Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?



*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.



Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 3356 bytes --]

Re: ========== Re: RAM encryption and key storing in CPU ==========

[ngabor]

[-- Attachment #1: Type: text/plain, Size: 2308 bytes --]

Is anybody here? :)




-------- Original Message --------

Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========

Time (UTC): August 4 2015 7:42 am

From: ngabor@protonmail.ch

To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org



Hallo?


-------- Original Message --------

Subject: ========== Re: RAM encryption and key storing in CPU ==========

Time (GMT): Jun 23 2015 04:42:34

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Is anybody reading this?


-------- Original Message --------

Subject: Re: RAM encryption and key storing in CPU

Time (GMT): Jun 19 2015 17:22:49

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hallo? :)


-------- Original Message --------

Subject: Re: RAM encryption and key storing in CPU

Time (GMT): May 23 2015 09:01:26

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Any comments?


-------- Original Message --------

Subject: RAM encryption and key storing in CPU

Time (GMT): May 21 2015 10:17:25

From: ngabor@protonmail.ch

To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org



Hello,



==========

Problem:



Everything is stored in plaintext in the Memory.



So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:



https://citp.princeton.edu/research/memory/media/



==========

Solution:



Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?



https://www1.informatik.uni-erlangen.de/tresor



Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?



*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.



Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 3348 bytes --]

Re: ========== Re: RAM encryption and key storing in CPU ==========

[ngabor]

[-- Attachment #1: Type: text/plain, Size: 2536 bytes --]

Please reply?


-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Time (UTC): September 3 2015 2:29 pm
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

Is anybody here? :)


-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Time (UTC): August 4 2015 7:42 am
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

Hallo?

-------- Original Message --------
Subject: ========== Re: RAM encryption and key storing in CPU ==========
Time (GMT): Jun 23 2015 04:42:34
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Is anybody reading this?

-------- Original Message --------
Subject: Re: RAM encryption and key storing in CPU
Time (GMT): Jun 19 2015 17:22:49
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Hallo? :)

-------- Original Message --------
Subject: Re: RAM encryption and key storing in CPU
Time (GMT): May 23 2015 09:01:26
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Any comments?

-------- Original Message --------
Subject: RAM encryption and key storing in CPU
Time (GMT): May 21 2015 10:17:25
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Hello,

==========
Problem:

Everything is stored in plaintext in the Memory.

So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:

https://citp.princeton.edu/research/memory/media/

==========
Solution:

Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?

https://www1.informatik.uni-erlangen.de/tresor

Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?

*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.

Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 3811 bytes --]

Re: ========== Re: RAM encryption and key storing in CPU ==========

[ngabor]

[-- Attachment #1: Type: text/plain, Size: 2849 bytes --]

Hello? :)


-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Local Time: October 8 2015 7:30 am
UTC Time: October 8 2015 5:30 am
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

Please reply?


-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Time (UTC): September 3 2015 2:29 pm
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

Is anybody here? :)


-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Time (UTC): August 4 2015 7:42 am
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

Hallo?

-------- Original Message --------
Subject: ========== Re: RAM encryption and key storing in CPU ==========
Time (GMT): Jun 23 2015 04:42:34
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Is anybody reading this?

-------- Original Message --------
Subject: Re: RAM encryption and key storing in CPU
Time (GMT): Jun 19 2015 17:22:49
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Hallo? :)

-------- Original Message --------
Subject: Re: RAM encryption and key storing in CPU
Time (GMT): May 23 2015 09:01:26
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Any comments?

-------- Original Message --------
Subject: RAM encryption and key storing in CPU
Time (GMT): May 21 2015 10:17:25
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Hello,

==========
Problem:

Everything is stored in plaintext in the Memory.

So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:

https://citp.princeton.edu/research/memory/media/

==========
Solution:

Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?

https://www1.informatik.uni-erlangen.de/tresor

Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?

*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.

Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 4299 bytes --]

Re: ========== Re: RAM encryption and key storing in CPU ==========

[ngabor]

[-- Attachment #1: Type: text/plain, Size: 3162 bytes --]

Hallo??


-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Local Time: January 8, 2016 5:36 pm
UTC Time: January 8, 2016 4:36 PM
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

Hello? :)


-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Local Time: October 8 2015 7:30 am
UTC Time: October 8 2015 5:30 am
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

Please reply?


-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Time (UTC): September 3 2015 2:29 pm
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

Is anybody here? :)


-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Time (UTC): August 4 2015 7:42 am
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org

Hallo?

-------- Original Message --------
Subject: ========== Re: RAM encryption and key storing in CPU ==========
Time (GMT): Jun 23 2015 04:42:34
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Is anybody reading this?

-------- Original Message --------
Subject: Re: RAM encryption and key storing in CPU
Time (GMT): Jun 19 2015 17:22:49
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Hallo? :)

-------- Original Message --------
Subject: Re: RAM encryption and key storing in CPU
Time (GMT): May 23 2015 09:01:26
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Any comments?

-------- Original Message --------
Subject: RAM encryption and key storing in CPU
Time (GMT): May 21 2015 10:17:25
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org

Hello,

==========
Problem:

Everything is stored in plaintext in the Memory.

So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:

https://citp.princeton.edu/research/memory/media/

==========
Solution:

Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?

https://www1.informatik.uni-erlangen.de/tresor

Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?

*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.

Thank you for your comments.

[-- Attachment #2: Type: text/html, Size: 4799 bytes --]