I was thinking over meltdown mitigations this morning, and a thought occurred to me (which falls in line with general ideas I've been pursuing).

This is a Crowd Supply project I've been eyeing: https://www.crowdsupply.com/rhs-research/nanoevb

It's basically an FPGA that can plug into an M.2 slot. One potential use of this could be to use it as an off-die crypto unit, thereby keeping keys out of memory. I don't know what the driver situation looks like for this thing, but as it's an open hardware project, I doubt it would be too hard to get support up and running.

I realize it's not a perfect solution by far, but it would provide some level of mitigation (especially for things like GELI) that could hold people over until they can replace their hardware.

On 1/4/2018 10:27 AM, Eric McCorkle wrote:
> I was thinking over meltdown mitigations this morning, and a thought
> occurred to me (which falls in line with general ideas I've been pursuing)

A pretty neat idea. But in terms of keeping crypto keys safe, why not something behind a pkcs11 interface (e.g. eToken) or tpm?

---Mike

>
> I realize it's not a perfect solution by far, but it would provide some
> level of mitigation (especially for things like GELI) that could hold
> people over until they can replace their hardware.

--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/