Hello,

==========
Problem:

Everything is stored in plaintext in memory.

So even though full disk encryption is used on an OpenBSD machine, it is 
possible to copy the content of the memory while the notebook is suspended 
or running:

https://citp.princeton.edu/research/memory/media/

==========
Solution:

Can we (optionally*) encrypt the content of the memory and store the key for 
decryption in the CPU to avoid these kinds of attacks in general?

There are solutions for this on Linux already, but only at the patch level:

https://www1.informatik.uni-erlangen.de/tresor

*If someone wanted to harden their OpenBSD (since notebooks could be 
stolen), they could turn on this feature to avoid a policy of always turning 
off the notebook while not using it.

Thank you for your comments.
