On Mon, 2 Jul 2018, Dan Williams wrote: > If an attacker can run arbitrary code in the kernel they can get the > key from the ring directly, or turn on ACPI debug. A platform could > arrange for the DIMMs to be unlocked pre-OS to minimize passphrase > exposure,
So, either from within UEFI secure boot, or via the bootloader? -- James Morris <[email protected]> _______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
