Defeating cold boot attacks

Researchers at FAU explain how to implement AES in Linux without leaving keys exposed in memory, and with no performance penalty.

TRESOR is a secure implementation of AES that is resistant to cold boot attacks and other attacks on main memory. The basic idea behind this implementation is to store the secret key inside CPU registers rather than in RAM. All computations take place in registers only; no AES state ever goes to RAM. In particular, the x86 debug registers are repurposed as secure key storage.
