On Mon, 2 Jul 2018, Dan Williams wrote: > If an attacker can run arbitrary code in the kernel they can get the > key from the ring directly, or turn on ACPI debug. A platform could > arrange for the DIMMs to be unlocked pre-OS to minimize passphrase > exposure,
So, either from within UEFI secure boot, or via the bootloader? -- James Morris <jmor...@namei.org> _______________________________________________ Linux-nvdimm mailing list Linux-nvdimm@lists.01.org https://lists.01.org/mailman/listinfo/linux-nvdimm