You are protecting against hardware attackers with TRESOR.

So... it only makes sense at the bare-metal / hypervisor level.

-Travis

On Wed, Feb 11, 2015 at 3:33 PM, Alfie John <alfiej@fastmail.fm> wrote:
> On Thu, Feb 12, 2015, at 03:17 AM, Travis Biehn wrote:
> > + cypherpunks
> >
> > http://en.wikipedia.org/wiki/TRESOR - Keys are stored in debug or SSE
> > registers and never leave the CPU. Use of AES-NI gives you solid
> > performance. [side-channel DPA/timing etc vulnerable, though :(]
> >
> > That + trusted boot + dm-verity & FDE. Delicious. [Add Xen bare-metal
> > & qubes-esque setup.]
> >
> > I've never seen TRESOR work, that might be a fun side-project for
> > someone.
>
> Wouldn't running TRESOR under Xen be useless as Xen would need to
> save/restore SSE registers when switching between VMs (and putting them
> in memory)?
>
> Alfie
>
> --
>   Alfie John
>   alfiej@fastmail.fm


