You are protecting against hardware attackers with TRESOR. So... it only makes sense at the bare-metal / Hypervisor level.
-Travis On Wed, Feb 11, 2015 at 3:33 PM, Alfie John <[email protected]> wrote: > On Thu, Feb 12, 2015, at 03:17 AM, Travis Biehn wrote: > > + cypherpunks > > > > http://en.wikipedia.org/wiki/TRESOR - Keys are stored in debug or SSE > > registers and never leave the CPU. Use of AES-NI gives you solid > > performance. [side-channel DPA/timing etc vulnerable, though :(] > > > > That + trusted boot + dm-verity & FDE. Delicious. [Add Xen bare-metal > > & qubes-esque setup.] > > > > I've never seen TRESOR work, that might be a fun side-project for > > someone. > > Wouldn't running TRESOR under Xen be useless as Xen would need to > save/restore SSE registers when switching between VMs (and putting them > in memory)? > > Alfie > > -- > Alfie John > [email protected] > -- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
