[SOLVED] Is it possible that RAM is encrypted too, without special hardware?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by metaschima
In conclusion, yes you can encrypt RAM, but no it won't help you if the VPS host owns the hardware and is the adversary.
What intrigues me is what if your host isn't your adversary but they're merely expected to monitor you in some way? It would be interesting to hear from anyone who works for a VPS hosting company regarding what, if anything, they are expected to log.
Looks like there is a place for the key in the cpu after all, that can be prevented from appearing in snapshots of a VPS:
Quote:
He concluded that modern x86 processors had two register areas where CPU-based kernel encryption was realistic: the SSE registers which could in effect be made privileged by disabling all SSE instructions (and necessarily, any programs relying on them), and the debug registers which were much smaller but had no such issues.
Root access to the encryption keys via the kernel of a running system is possible using loadable kernel modules or /dev/kmem if compiled to support these, but otherwise appears not to be accessible in any known way on a standard running system.
Cold boot attacks on the CPU: - on real processors registers are cleared to zero on both hardware resets and software resets ("Ctrl-Alt-Delete"). However CPU registers are currently vulnerable on virtual machines, since they are reset during simulated hardware resets but not during software resets. The authors deem this an apparent flaw in many implementations of virtual machines, but note that virtual systems would be inherently vulnerable even if this were rectified, since all registers on a virtual machine are likely to be accessible using the host system.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by 273
What intrigues me is what if your host isn't your adversary but they're merely expected to monitor you in some way? It would be interesting to hear from anyone who works for a VPS hosting company regarding what, if anything, they are expected to log.
I am still interested in this angle. I know that it goes against security principals but what if you are just trying to "slip under the radar" using a hosting provider whose employees are more interested in their Friday pizza than your data?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
