Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal: cross-compatible secure enclaves #12

Open
ex0dus-0x opened this issue Dec 5, 2021 · 0 comments
Open

Proposal: cross-compatible secure enclaves #12

ex0dus-0x opened this issue Dec 5, 2021 · 0 comments

Comments

@ex0dus-0x
Copy link
Owner

We should consider phasing out secstr for our own "secured memory" implementation, with full support for other primitives for isolating memory pages to support different OSes:

  • Linux - typical support for mlock and zeroing, but also thinking MFD_SECRET_*, as posed here to further isolate sensitive memory from kernel space and even cache. Have not seen a merge upstream to a new revision yet, but interesting to think about.

  • macOS - mlock again, but also potentially pushing support for Secure Enclave storage, which will requiring signing rather than our current symmetric encryption.

  • Windows - CryptProtectMemory and SecureZeroMemory for explicit zeroing.

Backing to other native "keyring" implementations (Credential Manager, macOS Keychain) are also interesting and provides security and isolation for free(-ish).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
No open projects
Status: No status
Development

No branches or pull requests

1 participant