Supporting filesystems in persistent memory

Posted Sep 20, 2014 22:13 UTC (Sat) by Lennie (subscriber, #49641)
In reply to: Supporting filesystems in persistent memory by markusw
Parent article: Supporting filesystems in persistent memory

"If NVM would be cheaper than RAM .., you could simply wipe the device .. upon boot to make it behave like RAM."

The security community is going to laugh at that if you don't have some kind of policy around not writing private keys to NVM. Which will probably not work. Existing applications don't have any concept of different kinds of memory for holding keys so you'd need to modify all of them ?

The security community isn't even happy with keeping keys in RAM as it is. As a simple can of compressed air can prevent your RAM from being wiped already:

http://en.wikipedia.org/wiki/Cold_boot_attack

Supporting filesystems in persistent memory

Posted Sep 22, 2014 20:09 UTC (Mon) by zlynx (guest, #2285) [Link]

> The security community isn't even happy with keeping keys in RAM as it is.

And then the invent things like TPM chips and "secure element" chips. But then they make them so impossible to use that programmers have no choice except to store encryption keys in RAM.