RAM Encryption?


Originally published at: https://www.whonix.org/blog/ram-encryption

There is PrivateCore vCage. Couldn’t find much information at their website. Seems like a commercial product. Would wonder about the prices out of curiosity.

Are there any other competition products? Or even Libre Software / Open Source ones?

The closest similar thing for Linux seems to be TREZOR but that only keeps the full disk encryption password in the CPU registers and doesn’t encrypt the full RAM contents?


Running sensitive data on untrusted machines (like the clould) is simply not possible. There are many attacks on systems that claim to achieve this.

No one should trust that a TPM can keep keys safe from a serious adversary with physical and remote access.

TREZOR is not really comparable to this. TREZOR would be useful if Linux were ever modified to function with encrypted RAM support and move the LUKS key to the CPU register. I think this will be the only serious way to protect encryption keys on machines with NVRAM in the future for people who don’t trust TPMs to protect them - and they shouldn’t.