* Hardware memory encryption / bus encryption. If implemented correctly, keys never touch RAM and will be discarded instantly across any power disruption.
* Control physical access: don’t allow an attacker access to the DRAM chips.
* Control logical access: use trusted boot systems which don’t allow an attacker to dump arbitrary memory, combined with physical access control so they can’t directly address memory externally.
That is correct. AMD Zen4 (Ryzen 7000) supports transparent full memory encryption. It also supports more granular memory encryption, for example to prevent the host accessing VM guest memory.
* Keeping secrets out of main memory, either with registers, encrypted memory, or use of a secure enclave (which in turn uses encrypted memory) for sensitive operations.
* Control physical access: don’t allow an attacker access to the DRAM chips.
* Control logical access: use trusted boot systems which don’t allow an attacker to dump arbitrary memory, combined with physical access control so they can’t directly address memory externally.