logoalt Hacker News

teravortoday at 5:13 PM2 repliesview on HN

on the subject of encryption keys and memory there is something you can do:

- if your CPU supports it, enable memory encryption.

- if your TPM module supports this look for MemoryOverwriteRequestControl & MemoryOverwriteRequestControlLock (/sys/firmware/efi/efivars/) and toggle them. make sure that your computer always reboots and never powers off. memory will always be wiped on boot.


Replies

bluebarbettoday at 7:31 PM

Proper capitalization makes English easier to read.