66 points thunderbong | 7 comments
1. gnabgib No.40217409
(2020). There doesn't seem to have been much progress since, although there is a 2019 PoC (in C) by one of the authors[0].

[0]: https://github.com/fridgelock-lkm/fridgelock

2. TrueDuality No.40217625
Intel TME and AMD SME (both on-boot, discardable, unique memory encryption technologies running in silicon) are pretty common in consumer-grade hardware and have great Linux kernel support.

Both Android phones and iPhones use their secure enclaves for storing their encryption keys, limiting the effective targets of these attacks (and those would be quite difficult to physically extract from).

I suppose this is still useful for older hardware and ultra-budget phones... But this is a protection against state actors and high-end espionage, which wouldn't use those classes of devices...

Soooooo who is this for? What threat model is this meaningful for? In what world am I trusting a random unaudited security module that taints my kernel for _any_ security sensitive application?

replies(1): >>40217671 #
3. snvzz No.40217671
>great Linux kernel support

For some definition of great. E.g. on a Ryzen-based ThinkPad it is not enabled by default, and the machine hangs on boot if it is requested via the mem_encrypt=on kernel command line[0].

[0]: https://www.kernel.org/doc/html/v5.8/x86/amd-memory-encrypti...

replies(2): >>40219739 #>>40223682 #
5. gertop No.40219739
I concur: SME on Linux is only usable in full memory encryption mode (i.e. the kernel doesn't even know about it) on my Ryzen laptop as well.
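Comments 3 and 5 both come down to the same question: does the kernel actually see SME as active after mem_encrypt=on, or is it only the BIOS-level mode the kernel knows nothing about? The script below is an added example (not code from the thread, the kernel tree, or the FridgeLock authors) that answers that from the three places the information lives on a Linux box: the CPU flags in /proc/cpuinfo, the boot command line in /proc/cmdline, and the kernel's boot message. The exact wording of that message has changed across kernel versions (the v5.8 docs era printed "AMD Secure Memory Encryption (SME) active", newer kernels print "Memory Encryption Features active: AMD SME"), so the match is deliberately loose. The sample inputs at the bottom are constructed, not captured from a real machine; the status names are this example's own.

```shell
#!/bin/sh
# Added example: classify AMD SME state from the CPU flags line, the
# kernel command line and the kernel's memory-encryption boot message.
# Status names are this script's own invention, not kernel terminology.

# sme_status FLAGS CMDLINE DMESG  -> prints exactly one of:
#   unsupported        no "sme" in the CPU feature flags
#   active             kernel reported SME active (BIOS default or cmdline)
#   requested-inactive mem_encrypt=on was given but the kernel never
#                      reported SME active (the ThinkPad hang case ends here
#                      if the box even gets far enough to log)
#   not-requested      CPU supports it, nothing asked for it; if BIOS TSME
#                      is on, the kernel cannot tell you either way
sme_status() {
  flags="$1"; cmdline="$2"; dmesg_out="$3"

  # /proc/cpuinfo exposes the CPUID bit as the word "sme" in the flags list.
  case " $flags " in
    *" sme "*) ;;
    *) echo unsupported; return 0 ;;
  esac

  # Loose match: the line must mention memory encryption, "active" and SME,
  # in either order, to cover both old and new kernel message formats.
  case "$dmesg_out" in
    *"Memory Encryption"*)
      case "$dmesg_out" in
        *active*)
          case "$dmesg_out" in
            *SME*) echo active; return 0 ;;
          esac ;;
      esac ;;
  esac

  case " $cmdline " in
    *" mem_encrypt=on "*) echo requested-inactive ;;
    *) echo not-requested ;;
  esac
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_FLAGS="flags : fpu vme de pse sme sev sev_es"
SAMPLE_CMDLINE_ON="BOOT_IMAGE=/vmlinuz root=/dev/sda2 mem_encrypt=on"
SAMPLE_DMESG_ACTIVE="[    0.000000] AMD Memory Encryption Features active: SME"

echo "sample, kernel reports active:  $(sme_status "$SAMPLE_FLAGS" "$SAMPLE_CMDLINE_ON" "$SAMPLE_DMESG_ACTIVE")"
echo "sample, requested but no log:   $(sme_status "$SAMPLE_FLAGS" "$SAMPLE_CMDLINE_ON" "")"
echo "sample, never requested:        $(sme_status "$SAMPLE_FLAGS" "BOOT_IMAGE=/vmlinuz quiet" "")"
echo "sample, CPU without SME:        $(sme_status "flags : fpu vme de pse" "mem_encrypt=on" "")"

# Live check on the current machine, skipped where /proc is unavailable.
# dmesg may be unreadable for an unprivileged user; treat that as "no log".
if [ -r /proc/cpuinfo ]; then
  live_flags=$(grep '^flags' /proc/cpuinfo | head -n 1 || true)
  live_cmdline=$(cat /proc/cmdline 2>/dev/null || true)
  live_dmesg=$(dmesg 2>/dev/null | grep -i 'memory encryption' || true)
  echo "this machine:                   $(sme_status "$live_flags" "$live_cmdline" "$live_dmesg")"
fi
```

If the live line says requested-inactive, check /proc/cmdline really carried mem_encrypt=on into the running kernel before blaming firmware; if it says not-requested on a box whose BIOS has transparent memory encryption on, that is the "kernel doesn't even know about it" mode from comment 5, and only the firmware setup screen will tell you.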