RAM Encryption. Is it possible?

Without adding any additional hardware, is RAM encryption possible?

Sure.
You can encrypt whatever you like in RAM, just like you encrypt everything else.
The more interesting question is "where are the keys". You can just leave the keys in RAM as well or give them to the OS which will also store them in RAM.
You can apply some of the fancy techniques proposed by Schneier et al. in Cryptography Engineering, i.e. one-time-pad encrypt the key to your data, store the pad in RAM and decrypt data only when needed.

If so, are there any known and currently used implementations for Linux or Windows systems?

Windows offers the Data-Protection API (DPAPI), letting you encrypt data using the user's log-in credentials. I know that at least some password managers (like KeePass) use this to protect the valuable passwords in RAM.

Using a Trusted Platform Module (TPM; which are getting increasingly popular as Windows now requires them) or some other dedicated hardware would indeed solve the issue best by offloading the key to a place you trust in case the RAM is compromised.

However, there's one solution that is rolling out right now: Intel's Software Guard Extensions (SGX), shipping with Skylake and newer CPUs. They allow you to load a program into your processor, verify its state is correct - remotely - and then protect its execution. The CPU will automatically encrypt everything leaving the processor (i.e. everything that is offloaded to RAM) and will thereby ensure security for you. The only problem for mass deployment is that SGX requires you to have signed code that your processor will accept, i.e. Intel must issue you a certificate for this purpose.
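
The key-masking idea mentioned in the answer above (keep the key XORed with a random pad in RAM and recombine it only when needed), as an added example that is not part of the original answer. The `masked_key` type and the `mk_*` names are hypothetical, `/dev/urandom` is an assumed randomness source, and `mk_refresh` goes one step beyond the answer by periodically re-randomising both shares.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define KEY_LEN 32

/* Hypothetical holder: at rest, RAM holds only the pad and key XOR pad. */
typedef struct { uint8_t *pad, *masked; } masked_key;
/* Zero through a volatile pointer so the compiler cannot drop the wipe. */
static void secure_wipe(void *p, size_t n) {
    for (volatile uint8_t *v = p; n--; ) *v++ = 0;
}
/* Assumption: a Unix-like OS exposing its CSPRNG at /dev/urandom. */
static int fill_random(uint8_t *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    setvbuf(f, NULL, _IONBF, 0);  /* no stray copy left in a stdio buffer */
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* Split key into two separately allocated shares, then wipe the caller's copy. */
int mk_store(masked_key *mk, uint8_t key[KEY_LEN]) {
    mk->pad = malloc(KEY_LEN); mk->masked = malloc(KEY_LEN);
    if (!mk->pad || !mk->masked || fill_random(mk->pad, KEY_LEN) != 0) {
        free(mk->pad); free(mk->masked); mk->pad = mk->masked = NULL;
        return -1;
    }
    for (size_t i = 0; i < KEY_LEN; i++) mk->masked[i] = key[i] ^ mk->pad[i];
    secure_wipe(key, KEY_LEN);
    return 0;
}
/* Recombine only when needed; the caller wipes out[] right after use. */
void mk_load(const masked_key *mk, uint8_t out[KEY_LEN]) {
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = mk->masked[i] ^ mk->pad[i];
}
/* XOR the same fresh bytes into both shares: same key, new bits in RAM. */
int mk_refresh(masked_key *mk) {
    uint8_t r[KEY_LEN];
    if (fill_random(r, KEY_LEN) != 0) return -1;
    for (size_t i = 0; i < KEY_LEN; i++) { mk->pad[i] ^= r[i]; mk->masked[i] ^= r[i]; }
    secure_wipe(r, KEY_LEN);
    return 0;
}
/* Wipe both shares before handing the memory back to the allocator. */
void mk_destroy(masked_key *mk) {
    secure_wipe(mk->pad, KEY_LEN); secure_wipe(mk->masked, KEY_LEN);
    free(mk->pad); free(mk->masked); mk->pad = mk->masked = NULL;
}
```

Both shares still live in RAM, so this protects against partial disclosure and stale copies of the key, not against an attacker who can read all of memory.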


Absolutely, particularly if you are using RAM as non-persistent storage, in which case you can encrypt it like any disk, file or directory after partitioning it off and mounting it in namespace.

However, executable program data needs to exist as 'plaintext' in memory at some point so it is ineffective to try and protect kernel and program memory in this manner.

The tools necessary are simple and ubiquitous (openssl, etc).