A modified version of GnuPG

Werner Koch wk at gnupg.org
Wed May 22 10:04:02 CEST 2002


On Tue, 21 May 2002 21:39:28 +0400, Max V Zinal said:

> When I said "secure memory" I was going to say "VirtualLock under
> Windows NT/2000/XP", which keeps you absolutely safe unless you

I guess you didn't read Peter's papers on this.  VirtualLock is not
suitable for this.  The only way to protect memory from swapping is by
allocating it with the device helper functions:  An ISR may need
memory buffers and these buffers should never be subject to any paging
- the pager may need the service of that ISR - this is the reason why
you are able to allocate non-pageable memory for a device driver.

When GnuPG talks about "secure memory" it actually means "non-pageable
memory".  There can't be any protection against an almighty
admin/root/superuser.

  Werner





More information about the Gnupg-devel mailing list