COMMENT PAGE FOR:
FridgeLock: Preventing Data Theft on Suspended Linux with Memory Encryption (…
TrueDuality wrote 1 day ago:
Intel TME and AMD SME (both on boot discardable unique memory
encryption technologies running in silicon) are both pretty common in
consumer grade hardware and have great Linux kernel support.
Both Android and iPhones use their secure enclaves for storing their
encryption keys, limiting the effective targets of these attacks (and
would be quite difficult to physically extract from).
I suppose this is still useful for older hardware and ultra budget
phones... But this is a protection against state actors and high end
espionage which wouldn't use those classes of devices...
Soooooo who is this for? What threat model is this meaningful for? In
what world am I trusting a random unaudited security module that taints
my kernel for _any_ security sensitive application?
snvzz wrote 1 day ago:
>great Linux kernel support
For some definition of great. E.g. Ryzen-based Thinkpad, not enabled
by default, hangs on boot if requested via mem_encrypt=on kernel
command line[0].
[1]: https://www.kernel.org/doc/html/v5.8/x86/amd-memory-encrypti...
gertop wrote 22 hours 51 min ago:
I concur, SME on Linux is only usable in full memory encryption
mode (i.e. the kernel doesn't even know about it) on my Ryzen laptop
as well.
gnabgib wrote 1 day ago:
(2020).. doesn't seem to have been much progress since, although there
is a 2019 POC (in C) by one of the authors[0]
[0]:
[1]: https://github.com/fridgelock-lkm/fridgelock