Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 6 Aug 2018 15:43:45 +0200
From:      Polytropon <freebsd@edvax.de>
To:        galtsev@kicp.uchicago.edu
Cc:        "Erich Dollansky" <freebsd.ed.lists@sumeritec.com>, John Levine <johnl@iecc.com>, thor <thor@irk.ru>, freebsd-questions@freebsd.org
Subject:   Re: Erase memory on shutdown
Message-ID:  <20180806154345.3243e993.freebsd@edvax.de>
In-Reply-To: <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu>
References:  <20180805150241.1E186200349F8E@ary.qy> <4e70e969-14f7-c65d-96d2-dd1610499cd0@irk.ru> <63033.108.68.162.197.1533484522.squirrel@cosmo.uchicago.edu> <20180806073738.6f459398.freebsd.ed.lists@sumeritec.com> <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, 5 Aug 2018 19:10:07 -0500 (CDT), Valeri Galtsev wrote:
> 
> On Sun, August 5, 2018 6:37 pm, Erich Dollansky wrote:
> > Hi,
> >
> > On Sun, 5 Aug 2018 10:55:22 -0500 (CDT)
> > "Valeri Galtsev" <galtsev@kicp.uchicago.edu> wrote:
> >
> >> On Sun, August 5, 2018 10:26 am, thor wrote:
> >> > https://en.wikipedia.org/wiki/Cold_boot_attack
> >> >
> >>
> >> The trouble is that erasing RAM on clean shutdown does not prevent the
> >> attacker in the attack as above from still successfully perform the
> >
> > so, ECC is also here the only possible answer, at least for parts of it.
> >
> > Still, erasing memory when shutting down helps in some cases. I do this
> > on my machines for small parts when a shutdown is detected. It makes at
> > least the most obvious attacks from that side difficult.
> 
> Please, correct me if I am wrong in the following:
> 
> If the attacker yanks off the power cord, then cold boots off his media,
> your defense/erasure of memory does not protect you against this attack.
> Right? Your defense only helps if the attacker does clean shutdown. Right?

Clearing memory at shutdown time won't happen when
shutdown time doesn't take place. Many cold boot
attacks rely on surprisingly (!) interrupting the
power, which implies physical access, and then
booting from a custom media, so even clearing
memory at startup time doesn't happen.

All those precautions only work when physical access
is taken out of consideration.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180806154345.3243e993.freebsd>