RAM Encryption?



Originally published at: https://www.whonix.org/blog/ram-encryption

There is PrivateCore vCage. Couldn’t find much information on their website. Seems like a commercial product. Would wonder about the prices out of curiosity.

Are there any other competing products? Or even Libre Software / Open Source ones?

The closest similar thing for Linux seems to be TREZOR but that only keeps the full disk encryption password in the CPU registers and doesn’t encrypt the full RAM contents?


Running sensitive data on untrusted machines (like the cloud) is simply not possible. There are many attacks on systems that claim to achieve this.

No one should trust that a TPM can keep keys safe from a serious adversary with physical and remote access.

TREZOR is not really comparable to this. TREZOR would be useful if Linux were ever modified to function with encrypted RAM support and move the LUKS key to the CPU register. I think this will be the only serious way to protect encryption keys on machines with NVRAM in the future for people who don’t trust TPMs to protect them - and they shouldn’t.


Interesting stuff.

Unfortunately, from a research project to an actual merge in the Linux mainline kernel or Xen, it’s a long way to go.


There was a working Xen patch designed for Qubes based on a 2010 paper https://lasr.cs.ucla.edu/~pedro/docs/ieee-hst-2010.pdf r implemented in zRAM
Not on GitHub anymore, but you can still reach the creator.

I don’t know how practical that Bitvisor patch from hypercrypt in the link you posted is.