Is anyone reading this? -------- Original Message -------- Subject: Re: ========== Re: RAM encryption and key storing in CPU ========== Time (UTC): August 4 2015 7:42 am From: ngabor@protonmail.ch To: linux-mm@kvack.org,bp@alien8.de,lizefan@huawei.com,tj@kernel.org,cl@linux-foundation.org CC: Hallo? -------- Original Message -------- Subject: ========== Re: RAM encryption and key storing in CPU ========== Time (GMT): Jun 23 2015 04:42:34 From: ngabor@protonmail.ch To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org Is anybody reading this? -------- Original Message -------- Subject: Re: RAM encryption and key storing in CPU Time (GMT): Jun 19 2015 17:22:49 From: ngabor@protonmail.ch To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org Hallo? :) -------- Original Message -------- Subject: Re: RAM encryption and key storing in CPU Time (GMT): May 23 2015 09:01:26 From: ngabor@protonmail.ch To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org Any comments? -------- Original Message -------- Subject: RAM encryption and key storing in CPU Time (GMT): May 21 2015 10:17:25 From: ngabor@protonmail.ch To: linux-mm@kvack.org, bp@alien8.de, lizefan@huawei.com, tj@kernel.org, cl@linux-foundation.org Hello, ========== Problem: Everything is stored in plaintext in the Memory. So if although full disc encryption is used on a Linux Desktop, it is possible to copy the content of the memory, while the notebook was on suspend or it was running: https://citp.princeton.edu/research/memory/media/ ========== Solution: Can we (optionally*) encrypt the content of the memory and store the key for decryption in the CPU to avoid in general these kind of attacks? https://www1.informatik.uni-erlangen.de/tresor Is this solution already in the Linux kernel? If yes, how can a Linux enduser turn it on? If no, how can we get the code/idea in the mainline? What are the arguments against it? *if someone would want to harden it's Linux Desktop (since notebooks could be stolen..) it could turn on this feature to avoid a policy to always turn off the notebook while not using it. Thank you for your comments.