02-27-2008, 04:33 PM
phil-news-nospam@ipal.net
Re: Should Linux wipe memory more often for better security?

In comp.os.linux.development.system Sebastian G. <seppi@seppig.de> wrote:
| Bernd Felsche wrote:
|
|
|>> So add a RAM wipe right at the end of the halt sequence (in
|>> addition to other security measures like storing keys in unused
|>> corners of video card SRAM).
|>
|> Scrubbing page tables makes a good start. Much quicker than the
|> whole RAM - which could span gigabytes for the well-endowed.
|
|
| Well, what about simply wiping only the cryptographic keys? Which is exactly
| what almost any on-the-fly encryption suite under the sun does.

If you know exactly where the keys are, that's what you wipe first. Then
wipe any unencrypted data, if you know where that is. Then wipe everything
else to be sure. All that could happen between output of "System halted"
and the power off action (or the "It is now safe to turn off the power"
output).

The kernel that knows where the keys are could also wipe them the instant
any power loss event is triggered, depending on how long the DC capacitors
can keep things running to accomplish that (hopefully at least a few hundred
instructions).

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-02-27-1129@ipal.net |
|------------------------------------/-------------------------------------|
