
This is done for Linux Lockdown. For memfd_secret, it might not be considered good enough; I think the memory needs to be evicted.


What is the threat model for this? If it’s a highly advanced attacker with physical access, not even that is good enough. The best we can do is a true hardware enclave.



