-
-
Some secrets basically have to stay in RAM for performance reasons (eg, there's no way you can punt disk decryption off to the TPM), and it seems difficult to have any kind of protection in that without hardware encryption of the pages
-
Full memory encryption in hardware is the long term solution. It's been available for years on ARM SoCs, AMD has it as part of SEV and Intel have promised to follow. https://software.intel.com/en-us/blogs/2017/12/22/intel-releases-new-technology-specification-for-memory-encryption …
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.