Fwd: Learning from dpr mistakes
Travis Biehn
tbiehn at gmail.com
Wed Feb 11 12:53:10 PST 2015
You are protecting against hardware attackers with TRESOR.
So... it only makes sense at the bare-metal / Hypervisor level.
-Travis
On Wed, Feb 11, 2015 at 3:33 PM, Alfie John <alfiej at fastmail.fm> wrote:
> On Thu, Feb 12, 2015, at 03:17 AM, Travis Biehn wrote:
> > + cypherpunks
> >
> > http://en.wikipedia.org/wiki/TRESOR - Keys are stored in debug or SSE
> > registers and never leave the CPU. Use of AES-NI gives you solid
> > performance. [side-channel DPA/timing etc vulnerable, though :(]
> >
> > That + trusted boot + dm-verity & FDE. Delicious. [Add Xen bare-metal
> > & qubes-esque setup.]
> >
> > I've never seen TRESOR work, that might be a fun side-project for
> > someone.
>
> Wouldn't running TRESOR under Xen be useless as Xen would need to
> save/restore SSE registers when switching between VMs (and putting them
> in memory)?
>
> Alfie
>
> --
> Alfie John
> alfiej at fastmail.fm
>
--
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1990 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150211/cfc1d7e6/attachment-0001.txt>
More information about the cypherpunks
mailing list