Erase memory on shutdown
Valeri Galtsev
galtsev at kicp.uchicago.edu
Fri Aug 10 15:24:27 UTC 2018
On 08/10/18 09:08, cpghost wrote:
> On 08/05/18 17:55, Valeri Galtsev wrote:
>> Another route could be encryption of RAM on the fly while the system runs, yet
>> it is questionable where the encryption key itself is kept so as to be
>> inaccessible to the attacker in the attack above, and booting such a system
>> may require a warm body present.
>
> What about SEV?
>
> https://developer.amd.com/amd-secure-memory-encryption-sme-amd-secure-encrypted-virtualization-sev/
> https://github.com/AMDESE/AMDSEV
I personally am opposed to having another processor in my machine that
has almighty access to my machine and can access external hosts via the
same physical network connection, yet is not controllable by me, the
sysadmin of the machine (or the machine owner). It sounds to me like it is
in the same general direction as Intel ME.
Of two evils I choose the lesser. Namely: the possibility of
attack by a bad guy who has physical access to my machine is the lesser
evil compared with the possibility of attack through a super-system which I have no
way to modify, control, or turn off, which runs on another CPU, has
control over the hardware that runs my system, and to which my system is a
slave.
Do you think it is your machine? No, it is their machine (whoever they are).
There is one (small?) company that tries to get rid of all proprietary code
and other means of control, thus giving the owner full possession of his
hardware ("impregnable" to third parties, even the main CPU
manufacturer):
https://puri.sm/
https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
They also use open source coreboot instead of proprietary EFI or
BIOS. And they do not have in their hardware anything that requires
binary-only "firmware" or "microcode". So they use the famous
Atheros WiFi, but they never use Intel WiFi, which works great but runs
proprietary firmware.
I'd like to hear if anyone knows of similar efforts by other computer
manufacturers.
Sorry, this went a bit off the original point (though not entirely off it).
Valeri
>
>> Valeri
>
> -cpghost.
>
--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
More information about the freebsd-questions mailing list