RAM encryption and key storing in CPU

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

==========
Problem:

Everything is stored in plaintext in the Memory.

So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running:

https://citp.princeton.edu/research/memory/media/

==========
Solution:

Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks?

https://www1.informatik.uni-erlangen.de/tresor

Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it?

*if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it.

Thank you for your comments.

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]