We'd set this for our secret stores ... though there's no real risk of booting into another OS in our own case.
For this case, would it be better to support encrypted pages, where the kernel holds the key, and uses any kind of TPM or trust-store that might be available? I'm thinking of those crazy heist-with-liquid-nitrogen physical theft RAM recovery attacks.
Some secrets basically have to stay in RAM for performance reasons (e.g., there's no way you can punt disk decryption off to the TPM), and it seems difficult to have any kind of protection in that without hardware encryption of the pages.
Sure, but lots of folks use kexec/kdump as a crash handler...