On Mon, 2 Jul 2018, Dan Williams wrote:

> If an attacker can run arbitrary code in the kernel they can get the
> key from the ring directly, or turn on ACPI debug. A platform could
> arrange for the DIMMs to be unlocked pre-OS to minimize passphrase
> exposure, 

So, either from within UEFI secure boot, or via the bootloader?

-- 
James Morris
<[email protected]>

_______________________________________________
Linux-nvdimm mailing list
[email protected]
https://lists.01.org/mailman/listinfo/linux-nvdimm

Reply via email to