undefined | Better HN

0 pointsjava-man10y ago0 comments

There are cases when not only key material but also some data need to be protected.

For example, in a context of password storage app, the passwords and associated text should not remain in the clear in memory, and possibly even the character buffer of entry fields such as JPasswordField.

This is the reason for the MemCrypt code mentioned earlier.

0 comments

sweis10y ago

Yep, we ran the entire Linux stack pinned in the L3 cache, so no data or code hit main memory which was not encrypted.

Ironically, we could test this by disabling VT-d and using a DMA device to read encrypted main memory. Here's an old demo video: https://www.youtube.com/watch?v=chvJpEmXvDk

j / k navigate · click thread line to collapse

0 pointsjava-man10y ago0 comments

There are cases when not only key material but also some data need to be protected.

This is the reason for the MemCrypt code mentioned earlier.

0 comments

sweis10y ago

Yep, we ran the entire Linux stack pinned in the L3 cache, so no data or code hit main memory which was not encrypted.

Ironically, we could test this by disabling VT-d and using a DMA device to read encrypted main memory. Here's an old demo video: https://www.youtube.com/watch?v=chvJpEmXvDk

j / k navigate · click thread line to collapse