Re: For the super paranoid

2017-12-09 Thread Lampshade
News from Reddit: "AMD Listened to us, and added a PSP disable option in their new AGESA version!" Not my picture (Credit to u/repo_code), but https://drive.google.com/file/d/1b4p3d-gtHbFvkUbHYC8HSIviL-1ssC7V/view My Gigabyte AB350 Gaming 3 also has a bios based on the new agesa version,

Re: For the super paranoid

2017-03-12 Thread bytevolcano
From your link: AMD replied: "Thanks for the inquiry. Currently we do not have plans to release source code but you make a good argument for reasons to do so. We will evaluate and find a way to work with security vendors and the community to everyone's benefit."

Re: For the super paranoid

2017-03-12 Thread I love BSDs
> In order for me to trust AMD's implementation, they first need to can
> that ridiculous Platform "Security" Processor. It is as useless and
> dangerous as Intel Management Engine, running unknown code.

Who knows, maybe they are going to open source their firmware?

Re: For the super paranoid

2017-03-11 Thread Luke Small
At least you can protect yourself from corporate espionage; unless it's Intel

On Sat, Mar 11, 2017 at 1:36 PM wrote:
> https://en.wikipedia.org/wiki/TRESOR
>
> A Linux kernel patch which provides CPU-only based encryption
> to defend

Re: For the super paranoid

2017-03-11 Thread bytevolcano
In order for me to trust AMD's implementation, they first need to can that ridiculous Platform "Security" Processor. It is as useless and dangerous as Intel Management Engine, running unknown code. A more plausible attack would be an application using malloc() for a large segment of memory, and

Re: For the super paranoid

2017-03-11 Thread Christian Weisgerber
On 2017-03-11, Luke Small wrote:

> Is there a way to encrypt memory and keep the key on the CPU like a
> transparent partition so that if the ram cards are physically accessed, they
> can't be read?

Not with OpenBSD and not at this time.

> Is it reasonable?

AMD thinks so.

Re: For the super paranoid

2017-03-11 Thread I love BSDs
Do you mean a cold boot attack? For Linux there are patches called TRESOR. There are also other cache-based key storage solutions. Anyway it means implementing a complicated kernel solution to address one very specific and uncommon threat.

Re: For the super paranoid

2017-03-11 Thread BiggRanger
https://en.wikipedia.org/wiki/TRESOR A Linux kernel patch which provides CPU-only based encryption to defend against cold boot attacks on computer systems by performing encryption outside usual

Re: For the super paranoid

2017-03-11 Thread Flipchan
Suggestion: disable nvram, u can create nvram to help out ur regular ram, I read a paper about it on how it can be easily reverse engineered

Luke Small wrote: (11 March 2017 17:44:46 CET)
> Is there a way to encrypt memory and keep the key on the CPU like a
> transparent

Re: For the super paranoid

2017-03-11 Thread Peter Faiman
There is no hardware supported way to do this on mainstream Intel / AMD. Yes it's possible to make a chip that could do it. No it's not reasonable, it would destroy performance without really helping that much. If you are facing an adversary powerful enough to have access to your RAM sticks,

For the super paranoid

2017-03-11 Thread Luke Small
Is there a way to encrypt memory and keep the key on the CPU like a transparent partition so that if the ram cards are physically accessed, they can't be read? Is it reasonable?