====== TRESOR ======

[[dido:public:ra:xapend:xapend.a_glossary:start| Return to Glossary ]]

**TRESOR** is a software approach that seeks to resolve the insecurity of keeping encryption keys in RAM by storing and manipulating them almost exclusively on the [[dido:public:ra:xapend:xapend.a_glossary:c:cpu]] alone, and in [[dido:public:ra:xapend:xapend.a_glossary:r:register | Registers]] accessible at [[dido:public:ra:xapend:xapend.a_glossary:p:protection_ring]] **Ring 0** (the highest privilege level) only; the exception is the brief period of initial calculation at the start of a session. This ensures that encryption keys are almost never available via user space or following a cold boot attack.

**TRESOR** is written as a kernel patch that stores encryption keys in the x86 debug registers. For security it relies on on-the-fly round key generation, atomicity, and blocking of the usual **''ptrace''** access to the debug registers.

Source: [[https://en.wikipedia.org/wiki/TRESOR]]

/**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/* To add a discussion page to this page, comment out the line that says
  ~~DISCUSSION:off~~
*/
~~DISCUSSION:on|Outstanding Issues~~
~~DISCUSSION:off~~