From owner-freebsd-questions@freebsd.org Fri Aug 10 14:08:05 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 94D39106BD70 for ; Fri, 10 Aug 2018 14:08:05 +0000 (UTC) (envelope-from cpghost@cordula.ws) Received: from mail-ed1-x543.google.com (mail-ed1-x543.google.com [IPv6:2a00:1450:4864:20::543]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 136DB8C35A for ; Fri, 10 Aug 2018 14:08:04 +0000 (UTC) (envelope-from cpghost@cordula.ws) Received: by mail-ed1-x543.google.com with SMTP id x5-v6so4861624edr.0 for ; Fri, 10 Aug 2018 07:08:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cordula-ws.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=6ewpSaOk7PajNSXPjObP9FY1ukYQnANA3hGiBCQtjiU=; b=rh+xTdSaLzdxSHTGTcZF07LHOyTWZhYyiRAhGXx4X2Uxcqqxrj+o5emYPAsqfl1wHy Va8U+cmg2WOdVdtkBVMzRGr3hfQLwYnD6p/VZbfUFUMQto9T6OhivnXx8apTGgvdMnN1 BFmAzBQRw5DGpW5z9LKGrmUiyNqUB+zbx/WALRhztbdneFnCs0lEM5CZY58ZMD37F588 SrsNbSQIO5U2SdmZNU0G84q16liLSYR1h5cNAtd/gwAU3ilKlINptJFOED7SICn6qpF2 CiOpql01u31GPOMEb01Oh2HR30/Tp1qDT0cumlzlxp2GniV+U7vDxoFfh9QikULBAiY8 XaTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=6ewpSaOk7PajNSXPjObP9FY1ukYQnANA3hGiBCQtjiU=; b=uhX2d2EUbEETOhQitIhG3pD4bqa+z3bTom8pTE9ttQ22914IoJu7yPzxci2IZGig/4 MLlYSYWQOsRwbEqOB9uiREkKH6bBc78X9PzrEPocYVbjxcx4/LHlm/f5n6dMcJ7Du8et u4fTOWVPv9lwAx/bwZShi7fYKOfiNKJguFkFlPaoNnxw5oRpLfo0jmTjjJYM7u+XnoTp WNdZ1cDzpJkedpdGl57Ehywr6rLLI9x70EFKQNg3tOYAVa8FLlJpw8H5ZYbImdRIAUMh QOTxDH7ixqZXN3Ib43MKvN/WAgYv/HsXhx3jnGaUnJASSKmIyo0iYZysiCfGB6Ms93LO NtJQ== X-Gm-Message-State: AOUpUlEE7i55CiOrtnozSO/yNNo2XzH8Hl8eow8Z5VPPRcZvqGn5IKuE sT9v74PE+qitLALZ8giTiogWnHK3djQ= X-Google-Smtp-Source: AA+uWPyw1obZ4gs3Ipo8lg96nBEc0mOqlKHJIknSSusfkBX5Sb1mR1Cvk4sk7/ClWm0aRbrxuGTKlA== X-Received: by 2002:aa7:d786:: with SMTP id s6-v6mr8600328edq.228.1533910083604; Fri, 10 Aug 2018 07:08:03 -0700 (PDT) Received: from ?IPv6:2a02:908:960:c43e:2efd:a1ff:fe57:abb8? ([2a02:908:960:c43e:2efd:a1ff:fe57:abb8]) by smtp.gmail.com with ESMTPSA id y57-v6sm5214664edb.49.2018.08.10.07.08.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 Aug 2018 07:08:02 -0700 (PDT) Subject: Re: Erase memory on shutdown To: freebsd-questions@freebsd.org References: <20180805150241.1E186200349F8E@ary.qy> <4e70e969-14f7-c65d-96d2-dd1610499cd0@irk.ru> <63033.108.68.162.197.1533484522.squirrel@cosmo.uchicago.edu> From: cpghost Message-ID: Date: Fri, 10 Aug 2018 16:08:01 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <63033.108.68.162.197.1533484522.squirrel@cosmo.uchicago.edu> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms000207020502040008040600" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2018 14:08:05 -0000 This is a cryptographically signed message in MIME format. --------------ms000207020502040008040600 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 08/05/18 17:55, Valeri Galtsev wrote: > Another route could be encryption of RAM on-the-fly while system runs, = yet > it is questionable where the encryption key itself is kept to be > unaccessible for the attacker in the attack above, and boot of such sys= tem > may require warm body present. What about SEV? https://developer.amd.com/amd-secure-memory-encryption-sme-amd-secure-enc= rypted-virtualization-sev/ https://github.com/AMDESE/AMDSEV > Valeri -cpghost. --------------ms000207020502040008040600 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC Cx4wggUwMIIEGKADAgECAhEAxi8czu5BfArXx+KbCt8qNjANBgkqhkiG9w0BAQsFADCBlzEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0Eg Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMTcxMjIwMDAw MDAwWhcNMTgxMjIwMjM1OTU5WjAjMSEwHwYJKoZIhvcNAQkBFhJjcGdob3N0QGNvcmR1bGEu d3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuV3EBb8py/1yrTdT8cb8h5Ocl h5XDYOn2HNcGCENONWU7Rrz9X+suOufiGCwUzrj+ysDLzM/jfB8EQMFH+uZrt9hi1gb9QvXh jzHvHqrb0P6Bj/HV8VvWyywa+BbuHNxuvOHB+ECpQYs4/Itfyhr4F/08FhweUpP7W+NKK/m8 VvLyY3kT5T58DYN0AvxgN6LK0ejbKD44wOrjK4EwuZpRmKewuWi+VquqRS04vo6xVE+h2tqq BUmVv4q9S6fHnvDcDCg3Gs4NTc6eujsHK6O9SLcgKB3CkHm5mxMkqGWNvtLb9p3/y9A+/v3n 2GRE07mmRkeJ43ntSytkz5xCiYmpAgMBAAGjggHoMIIB5DAfBgNVHSMEGDAWgBSCr2yM+MX+ lmF86B89K3FIXsSLwDAdBgNVHQ4EFgQUJVBhgnBvX0Bb+4bCJ8KLFjYJ4powDgYDVR0PAQH/ BAQDAgWgMAwGA1UdEwEB/wQCMAAwIAYDVR0lBBkwFwYIKwYBBQUHAwQGCysGAQQBsjEBAwUC MBEGCWCGSAGG+EIBAQQEAwIFIDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEBATArMCkGCCsG AQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzBaBgNVHR8EUzBRME+gTaBL hklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlv bmFuZFNlY3VyZUVtYWlsQ0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0 dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5k U2VjdXJlRW1haWxDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv bTAdBgNVHREEFjAUgRJjcGdob3N0QGNvcmR1bGEud3MwDQYJKoZIhvcNAQELBQADggEBAAZ0 otdXgClU/ijwGvnOdARI7LVDD4pPg6BD1kTbMywUE6ti082zAvujveH4DkleGZaVByv1VHGV HAdB8S7P21bm2uGCxwJNdRGl2R8USNmE7OP0EXYlQLTXDQbpBBPoB8k5Tv8WGJfguxIrPpS6 L729xb5d75NoKFMYn8JHTlujcfYt5TZCir0tO5/B9BgfB01tokFQ814wpUWmXplnD+tfRLaJ OChKmyUnOi5qpBntd/PHpUDNFIUJy0QZ3sYt1PyW7ejhtMvGvI/cQLZdDOUXv432nu0dgy2K 8PDGRfhp/NZhW8He7ililwDIu4B229OfiKI3fpPCDtm+xz7V900wggXmMIIDzqADAgECAhBq m+E4O/8ra58B1dm4p1JWMA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UE CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTAeFw0xMzAxMTAwMDAwMDBaFw0yODAxMDkyMzU5NTlaMIGXMQswCQYDVQQGEwJHQjEb MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQK ExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAL6znlesKHZ1QBbHOAOY08YYdiFQ8yV5C0y1oNF9Olg+nKcxLqf2NHbZhGra0D00 SOTq9bus3/mxgUsg/Wh/eXQ0pnp8tZ8XZWAnlyKMpjL+qUByRjXCA6RQyDMqVaVUkbIr5SU0 RDX/kSsKwer3H1pT/HUrBN0X8sKtPTdGX8XAWt/VdMLBrZBlgvnkCos+KQWWCo63OTTqRvaq 8aWccm+KOMjTcE6s2mj6RkalweyDI7X+7U5lNo6jzC8RTXtVV4/Vwdax720YpMPJQaDaElmO upyTf1Qib+cpukNJnQmwygjD8m046DQkLnpXNCAGjuJy1F5NATksUsbfJAr7FLUCAwEAAaOC ATwwggE4MB8GA1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSCr2yM +MX+lmF86B89K3FIXsSLwDAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAR BgNVHSAECjAIMAYGBFUdIAAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9j YS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEE ZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRU cnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqG SIb3DQEBDAUAA4ICAQB4XLKBKDRPPO5fVs6fl1bsj6JrF/bz9kkIBtTYLzXN30D+03Hj6OxC DBEaIeNmsBhrJmuubvyE7HtoSmR809AgcYboW+rcTNZ/8u/Hv+GTrNI/AhqX2/kiQNxmgUPt /eJPs92Qclj0HnVyy9TnSvGkSDU7I5Px+TbO+88G4zipA2psZaWeEykgzClZlPz1FjTCkk77 ZXp5cQYYexE6zeeN4/0OqqoAloFrjAF4o50YJafX8mnahjp3I2Y2mkjhk0xQfhNqbzlLWPoT 3m7j7U26u7zg6swjOq8hITYc3/np5tM5aVyu6t99p17bTbY7+1RTWBviN9YJzK8HxzObXYWB f/L+VGOYNsQDTxAk0Hbvb1j6KjUhg7fO294F29QIhhmiNOr84JHoy+fNLpfvYc/Q9EtFOI5I SYgOxLk3nD/whbUe9rmEQXLp8MB933Ij474gwwCPUpwv9mj2PMnXoc7mbrS22XUSeTwxCTP9 bcmUdp4jmIoWfhQm7X9w/Zgddg+JZ/YnIHOwsGsaTUgj7fIvxqith7DoJC91WJ8Lce3CVJqb 1XWeKIJ84F7YLXZN0oa7TktYgDdmQVxYkZo1c5noaDKH9Oq9cbm/vOYRUM1cWcef20Wkyk5S /GFyyPJwG0fR1nRas3DqAf4cXxMiEKcff7PNa4M3RGTqH0pWR8p6EjGCBDgwggQ0AgEBMIGt MIGXMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQH EwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RP IFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAMYvHM7u QXwK18fimwrfKjYwDQYJYIZIAWUDBAIBBQCgggJbMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTE4MDgxMDE0MDgwMVowLwYJKoZIhvcNAQkEMSIEIPniXhKE 8JaAVP7uRHPEEAqniFUMPCKtgeQSp/UkiyQRMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUD BAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgb4GCSsGAQQBgjcQBDGBsDCBrTCBlzEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0Eg Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQDGLxzO7kF8CtfH 4psK3yo2MIHABgsqhkiG9w0BCRACCzGBsKCBrTCBlzELMAkGA1UEBhMCR0IxGzAZBgNVBAgT EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RP IENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9u IGFuZCBTZWN1cmUgRW1haWwgQ0ECEQDGLxzO7kF8CtfH4psK3yo2MA0GCSqGSIb3DQEBAQUA BIIBAChoxAM3F8ZzG641Lj3+beMsNeuBt1U9b1CMYR9cYAuNKvjT7v3/P20E9iXrkiPylyxd QjP6OLlojXmPPn9EXOS4SeZicSWiRJa+lFOhXyvXAa5k9AzyX/VaonFsrq3KwHK1RMZIYvSX 3FhttGzauWxoO4Y4raSIniKTf28K4lerjI0dTfRWQadxq/0xEbbvef7cokiEOjI7OAhmgyUR 2xFDqsdRBlPohDmLfWWI8E1IGK8glzl0KoVplgA3WNNb69C4JTRXAJUamxdoRPamatgfFroj HgmcGKhXrvtA4dbMhldxWwguHYe6tzxOSI69mBtd37ll75el4GihCREsCrsAAAAAAAA= --------------ms000207020502040008040600--