Re: the cold-boot attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Feb 23, 2008 at 11:23:16PM +0100, markus reichelt wrote:

> > there is aonether option that is well doable with todays
> > technology.  On a multi-CPU machine run a dedicated
> > noninterruptible kernel thread on one of the cores which keeps
> > essential parts of the key in CPU registers at all times.
> 
> How do you prevent the OS from using this CPU? If it's a dualcore
> system, ok, but what about quadcore+ systems? I agree it's possible
> (and takes the idea of using "cache" for key storage to an extreme
> level).

not sure if it can be done fully portably by the means of todays OS
but CPUs can be left unused by OS.

> Has it been achieved to access CPU#1 regs from a thread running on
> CPU#2, f.e., a) without significant speed penalties and b) at all? 

the idea was to have that thread do all encryption tasks as well, so
no need to access registers across CPUs

Richard

Attachment: pgp74Z7SJA2qZ.pgp
Description: PGP signature


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux