From: ngabor <ngabor@protonmail.ch>
To: "linux-mm@kvack.org" <linux-mm@kvack.org>,
"bp@alien8.de" <bp@alien8.de>,
"lizefan@huawei.com" <lizefan@huawei.com>,
"tj@kernel.org" <tj@kernel.org>,
"cl@linux-foundation.org" <cl@linux-foundation.org>
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Date: Thu, 3 Sep 2015 10:29:05 -0400 [thread overview]
Message-ID: <eb0ae559371c0f8970c416fb5037274a@protonmail.ch> (raw)
[-- Attachment #1: Type: text/plain, Size: 2308 bytes --]
Is anybody here? :)
-------- Original Message --------
Subject: Re: ========== Re: RAM encryption and key storing in CPU ==========
Time (UTC): August 4 2015 7:42 am
From: ngabor@protonmail.ch
To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org
Hallo?
-------- Original Message --------
Subject: ========== Re: RAM encryption and key storing in CPU ==========
Time (GMT): Jun 23 2015 04:42:34
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org
Is anybody reading this?
-------- Original Message --------
Subject: Re: RAM encryption and key storing in CPU
Time (GMT): Jun 19 2015 17:22:49
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org
Hallo? :)
-------- Original Message --------
Subject: Re: RAM encryption and key storing in CPU
Time (GMT): May 23 2015 09:01:26
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org
Any comments?
-------- Original Message --------
Subject: RAM encryption and key storing in CPU
Time (GMT): May 21 2015 10:17:25
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org
Hello,
==========
Problem:
Everything is stored in plaintext in the Memory.
So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:
https://citp.princeton.edu/research/memory/media/
==========
Solution:
Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?
https://www1.informatik.uni-erlangen.de/tresor
Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?
*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.
Thank you for your comments.
[-- Attachment #2: Type: text/html, Size: 3348 bytes --]
next reply other threads:[~2015-09-03 14:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-03 14:29 ngabor [this message]
-- strict thread matches above, loose matches on Subject: below --
2015-10-08 5:30 ========== Re: RAM encryption and key storing in CPU ========== ngabor
2016-01-08 16:36 ` ngabor
2016-02-02 16:57 ` ngabor
2015-08-16 13:24 ngabor
2015-08-04 7:42 ngabor
2015-06-23 4:42 ngabor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eb0ae559371c0f8970c416fb5037274a@protonmail.ch \
--to=ngabor@protonmail.ch \
--cc=bp@alien8.de \
--cc=cl@linux-foundation.org \
--cc=linux-mm@kvack.org \
--cc=lizefan@huawei.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).