Thread (1 message) 1 message, 1 author, 2020-08-26

Re: [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas

From: Florian Weimer <hidden>
Date: 2020-08-26 19:01:42
Also in: linux-mm, lkml

* Andy Lutomirski:
quoted
I _believe_ there are also things like AES-NI that can get strong
protection from stuff like this.  They load encryption keys into (AVX)
registers and then can do encrypt/decrypt operations without the keys
leaving the registers.  If the key was loaded from a secret memory area
right into the registers, I think the protection from cache attacks
would be pretty strong.
Except for context switches :)
An rseq sequence could request that the AVX registers should be
cleared on context switch.  (I'm mostly kidding.)

I think the main issue is that we do not have a good established
programming model to actually use such features and completely avoid
making copies of secret data.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help