You are protecting against hardware attackers with TRESOR. So... it only makes sense at the bare-metal / Hypervisor level.

-Travis

On Wed, Feb 11, 2015 at 3:33 PM, Alfie John <[1]alfiej@fastmail.fm> wrote:

> On Thu, Feb 12, 2015, at 03:17 AM, Travis Biehn wrote:
> > + cypherpunks
> >
> > [2]http://en.wikipedia.org/wiki/TRESOR - Keys are stored in debug or SSE
> > registers and never leave the CPU. Use of AES-NI gives you solid
> > performance. [side-channel DPA/timing etc vulnerable, though :(]
> >
> > That + trusted boot + dm-verity & FDE. Delicious. [Add Xen bare-metal
> > & qubes-esque setup.]
> >
> > I've never seen TRESOR work, that might be a fun side-project for
> > someone.
>
> Wouldn't running TRESOR under Xen be useless as Xen would need to
> save/restore SSE registers when switching between VMs (and putting them
> in memory)?
>
> Alfie
>
> --
> Alfie John
> [3]alfiej@fastmail.fm

--
[4]Twitter | [5]LinkedIn | [6]GitHub | [7]TravisBiehn.com | [8]Google Plus

References

1. mailto:alfiej@fastmail.fm
2. http://en.wikipedia.org/wiki/TRESOR
3. mailto:alfiej@fastmail.fm
4. https://twitter.com/tbiehn
5. http://www.linkedin.com/in/travisbiehn
6. http://github.com/tbiehn
7. http://www.travisbiehn.com/
8. https://plus.google.com/+TravisBiehn