11 Feb
2015
11 Feb
'15
8:33 p.m.
On Thu, Feb 12, 2015, at 03:17 AM, Travis Biehn wrote:
+ cypherpunks
http://en.wikipedia.org/wiki/TRESOR - Keys are stored in debug or SSE registers and never leave the CPU. Use of AES-NI gives you solid performance. [side-channel DPA/timing etc vulnerable, though :(]
That + trusted boot + dm-verity & FDE. Delicious. [Add Xen bare-metal & qubes-esque setup.]
I've never seen TRESOR work, that might be a fun side-project for someone.
Wouldn't running TRESOR under Xen be useless as Xen would need to save/restore SSE registers when switching between VMs (and putting them in memory)? Alfie -- Alfie John alfiej@fastmail.fm