
#1 2022-09-08 08:41:55

cloverskull
Member
Registered: 2018-09-30
Posts: 172

Is it possible to encrypt RAM at boot?

Hey friends,

I’m a bit of a security hobbyist and while I don’t really have any risk personally here, and don’t have an urgent need for something like this myself, I was nevertheless thinking about RAM and what could be recovered from it.

I guess my basic question here is, is it possible to randomly encrypt RAM at boot so that the data is completely unrecoverable after a shutdown? I acknowledge this will break certain features like hibernate and the encryption/decryption key would have to probably exist _somewhere_ while the computer remains booted, but I still wonder about something like this existing.

I looked through some of the dm-crypt docs and wasn’t able to find anything. It’s possible I didn’t look hard enough. Thanks!


#2 2022-09-08 09:35:10

warteeminus321
Member
Registered: 2022-09-03
Posts: 27

Re: Is it possible to encrypt RAM at boot?

Some of the later AMD CPUs have RAM encryption at the hardware level, which is probably what needed to happen a long time ago. It needs to be looked at in depth because hardware vulnerabilities constantly pop up.
For the time being, you can start running a QEMU KVM on a fully dm-crypt'ed host hard drive so you minimize the unencrypted RAM footprint.


Hitchhacker's Guide to the Galaxy: “Nothing travels faster than the speed of light with the possible exception of bad news, which obeys its own special laws.”
If you didn't know you are backdoored, you are backdoored.
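
One way to check for the hardware RAM encryption mentioned in the reply above, as an added example that is not part of either post. It assumes the feature is AMD Secure Memory Encryption, which Linux reports as the `sme` CPU flag and controls with the `mem_encrypt=` kernel parameter (names not given in the thread); the sample strings are constructed.

```shell
#!/bin/sh
# Added example: report whether the kernel advertises AMD SME and whether
# memory encryption was requested on the kernel command line.
# $1 = contents of /proc/cpuinfo, $2 = contents of /proc/cmdline
sme_status() {
    cpuinfo_text=$1
    cmdline_text=$2

    # CPU features are listed on the "flags" line; take the first CPU's.
    flags=$(printf '%s\n' "$cpuinfo_text" | grep -m1 '^flags' | cut -d: -f2)

    # Compare whole words so that "smep" is not mistaken for "sme".
    has_sme=no
    for f in $flags; do
        if [ "$f" = "sme" ]; then has_sme=yes; fi
    done
    if [ "$has_sme" = no ]; then
        echo "unsupported"
        return 0
    fi

    # If mem_encrypt= is repeated, the last occurrence wins.
    # "default" means the choice is left to the kernel's own default.
    setting=default
    for arg in $cmdline_text; do
        case "$arg" in
            mem_encrypt=on)  setting=on ;;
            mem_encrypt=off) setting=off ;;
        esac
    done
    echo "supported, mem_encrypt=$setting"
}

# Constructed sample input (not captured from a real machine).
SAMPLE_CPUINFO='flags : fpu vme sse2 ht smep sme sev'
SAMPLE_CMDLINE='root=/dev/mapper/root rw mem_encrypt=off mem_encrypt=on'

sme_status "$SAMPLE_CPUINFO" "$SAMPLE_CMDLINE"

# On a live system:
#   sme_status "$(cat /proc/cpuinfo)" "$(cat /proc/cmdline)"
```
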

