From: ngabor <ngabor@protonmail.ch>
To: "linux-mm@kvack.org" <linux-mm@kvack.org>,
"bp@alien8.de" <bp@alien8.de>,
"lizefan@huawei.com" <lizefan@huawei.com>,
"tj@kernel.org" <tj@kernel.org>,
"cl@linux-foundation.org" <cl@linux-foundation.org>
Subject: Re: RAM encryption and key storing in CPU
Date: Sat, 23 May 2015 05:01:26 -0400 [thread overview]
Message-ID: <edd20e0d3264b01523d2a9b97a5cdf53@protonmail.ch> (raw)
[-- Attachment #1: Type: text/plain, Size: 1191 bytes --]
Any comments?
-------- Original Message --------
Subject: RAM encryption and key storing in CPU
Time (GMT): May 21 2015 10:17:25
From: ngabor@protonmail.ch
To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org
Hello,
==========
Problem:
Everything is stored in plaintext in the Memory.
So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:
https://citp.princeton.edu/research/memory/media/
==========
Solution:
Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?
https://www1.informatik.uni-erlangen.de/tresor
Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?
*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.
Thank you for your comments.
[-- Attachment #2: Type: text/html, Size: 1756 bytes --]
next reply other threads:[~2015-05-23 9:01 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-23 9:01 ngabor [this message]
-- strict thread matches above, loose matches on Subject: below --
2015-06-19 17:22 RAM encryption and key storing in CPU ngabor
2015-05-21 10:17 ngabor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=edd20e0d3264b01523d2a9b97a5cdf53@protonmail.ch \
--to=ngabor@protonmail.ch \
--cc=bp@alien8.de \
--cc=cl@linux-foundation.org \
--cc=linux-mm@kvack.org \
--cc=lizefan@huawei.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).