Is it possible to encrypt RAM at boot?

Hey friends,

I’m a bit of a security hobbyist and while I don’t really have any risk personally here, and don’t have an urgent need for something like this myself, I was nevertheless thinking about RAM and what could be recovered from it.

I guess my basic question here is, is it possible to randomly encrypt RAM at boot so that the data is completely unrecoverable after a shutdown? I acknowledge this will break certain features like hibernate and the encryption/decryption key would have to probably exist _somewhere_ while the computer remains booted, but I still wonder about something like this existing.

I looked through some of the dm-crypt docs and wasn’t able to find anything. It’s possible I didn’t look hard enough. Thanks!


Re: Is it possible to encrypt RAM at boot?

Some of the later AMD CPUs have RAM encryption at the hardware level, which is probably what needed to happen a long time ago. It needs to be looked at in depth, because hardware vulnerabilities constantly pop up.
For the time being, you can start running a QEMU KVM on a fully dm-crypt'ed host hard drive so you minimize the unencrypted RAM footprint.


