Im just a bit out of my depth here, but would it be possible to have
encrypted memory ?
Like the physical memory is encrypted but it is mapped to virtual memory
which is unencrypted, to get to this secure virtual memory, you would
have to use a special encryption module.
This may narrow the security risk to how the encryption module behaves
within the kernel.
I though of this when remember ages ago there was "ram doubler" software
for other operating systems that compressed memory, they allowed
programs to reside in memmory in compresed form.
Like i said, im out of my depth, maybe this would be just shifting the
problem, i hope im not just demonstrating my ignorance.
Thanks
Glenn McGrath
"H. Peter Anvin" wrote:
>
> Grendel wrote:
> > >
> > > While mounted? No. Root has access to the entire machine and
> > Why not? Just never decrypt data on fs read. Feed the client with encrypted
> > data and leave it to them to decrypt it.
> >
>
> Then it's not an encrypted **FILESYSTEM**. Application level encryption
> is a whole other matter. Even so, root can intercept the client process
> and read the data out of its memory.
>
> -hpa
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:27 EST