> For the threat model of most users, where hardware-based targeted attacks aren't a big concern, this is a bad tradeoff.
> hardware-based targeted attacks
You mean physical-access attacks, correct?
Is it really just these kinds of attacks that a T2 chip protects against?
AFAIK if malware has super user privilege, it can access the RAM of other processes, and therefore it can access the encryption keys stored in RAM by other processes.
If those processes could have used an encryption API that does the encryption on the chip, and therefore not need to store encryption keys in RAM, they'd be protected against this kind of attack, a kind of attack that is not hardware-based.
Considering those keys are loaded into RAM for/whilst unencripting, i don't see how it matters, cause the malware should have access to the (now) unencripted data regardless.
> hardware-based targeted attacks
You mean physical-access attacks, correct? Is it really just these kinds of attacks that a T2 chip protects against?
AFAIK if malware has super user privilege, it can access the RAM of other processes, and therefore it can access the encryption keys stored in RAM by other processes.
If those processes could have used an encryption API that does the encryption on the chip, and therefore not need to store encryption keys in RAM, they'd be protected against this kind of attack, a kind of attack that is not hardware-based.