
Linux 5.14 Can Create Secret Memory Areas With 'memfd_secret'

by janrinok from SoylentNews on (#5M3GH)

upstart writes:

Linux 5.14 Can Create Secret Memory Areas With memfd_secret:

The "memfd_secret" system call is being added to the Linux 5.14 kernel to provide the ability to create memory areas that are visible only in the context of the owning process, and these "secret" memory regions are not mapped by other processes or the kernel page tables.

This work originated with the proposed secretmemfd work for secret memory on Linux, and over the past year memfd_secret has been going through many rounds of review. The intended use-case for these secret memory areas is cases like OpenSSL private keys potentially being stored within these areas to reduce the possibility they are exposed in system memory and not able to be backed up by other hardware encryption methods with modern hardware. Using memfd_secret means the memory areas will only be mapped in the page table of the processes that have access to the owning file descriptor and are unmapped from the kernel direct map.

Read more of this story at SoylentNews.
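As an added example (not code from the article or from the kernel tree), the following C snippet places key material in a memfd_secret region and then checks that the same bytes cannot be read back through /proc/self/mem, the route that debuggers and memory-scraping tools take. It assumes a Linux 5.14 or newer kernel with secretmem enabled (on 5.14 that means booting with secretmem.enable=1) and reports SM_UNAVAILABLE rather than failing where the syscall is absent, filtered or out of locked-memory budget; the function and status names are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef __NR_memfd_secret
#define __NR_memfd_secret 447   /* upstream syscall number; older libc headers lack it */
#endif
enum secretmem_status { SM_OK = 0, SM_UNAVAILABLE = 1, SM_ERROR = 2, SM_LEAKED = 3 };

/* Map `size` bytes of secret memory; returns MAP_FAILED with errno set on failure. */
static unsigned char *secretmem_map(size_t size)
{
    int fd = (int)syscall(__NR_memfd_secret, 0);       /* only FD_CLOEXEC is a valid flag */
    if (fd < 0) return MAP_FAILED;
    if (ftruncate(fd, (off_t)size) != 0) { close(fd); return MAP_FAILED; }
    /* secretmem insists on MAP_SHARED; its pages are locked and dropped from the direct map */
    unsigned char *mem = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    int saved = errno;
    close(fd);                                          /* the mapping keeps the region alive */
    errno = saved;
    return mem;
}

/* Read `len` bytes at `addr` back via /proc/self/mem. Returns bytes read, or -1 with
   errno; for a secretmem mapping the kernel refuses the page walk and the read fails. */
static ssize_t read_via_proc_mem(const void *addr, void *out, size_t len)
{
    int fd = open("/proc/self/mem", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = pread(fd, out, len, (off_t)(unsigned long)addr);
    close(fd);
    return n;
}

/* Park `len` bytes of key material in secret memory and probe whether /proc can see it. */
enum secretmem_status secretmem_store_and_probe(const unsigned char *key, size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t size = ((len + page - 1) / page) * page;    /* secretmem works in whole pages */
    unsigned char *mem = secretmem_map(size);
    if (mem == MAP_FAILED)  /* ENOSYS: pre-5.14 or secretmem off; EPERM: seccomp; ENOMEM/EAGAIN: RLIMIT_MEMLOCK */
        return (errno == ENOSYS || errno == EPERM || errno == ENOMEM || errno == EAGAIN) ? SM_UNAVAILABLE : SM_ERROR;
    memcpy(mem, key, len);                             /* the owning process uses the key normally */
    unsigned char probe[64] = {0};
    ssize_t n = read_via_proc_mem(mem, probe, len < sizeof probe ? len : sizeof probe);
    int leaked = n > 0 && memcmp(probe, key, (size_t)n) == 0;
    memset(mem, 0, len);                                /* wipe before releasing the region */
    munmap(mem, size);
    return leaked ? SM_LEAKED : SM_OK;
}
```

Within the owning process the region behaves like ordinary memory; only the out-of-process and kernel-side views are cut off, which is exactly the property the private-key use case relies on.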
