On Fri, Jan 6, 2023 at 12:54 PM Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>
> I'm going to suggest a very very different approach: fix secret
> storage in memory for real. That is, don't lock "super secret
> sensitive stuff" into memory, and don't wipe it either. *Encrypt* it.

I don't think you're wrong, but people will complain about key
management, and worry about that part instead.

Honestly, this is what SGX and CPU enclaves are _supposed_ to all do for
you, but then nobody uses it for various reasons.

Linus