Date: Mon, 6 Aug 2018 09:58:57 -0500 From: Valeri Galtsev <galtsev@kicp.uchicago.edu> To: Polytropon <freebsd@edvax.de> Cc: Erich Dollansky <freebsd.ed.lists@sumeritec.com>, John Levine <johnl@iecc.com>, thor <thor@irk.ru>, freebsd-questions@freebsd.org Subject: Re: Erase memory on shutdown Message-ID: <449f6907-9bdf-5459-b9bd-759e62025b02@kicp.uchicago.edu> In-Reply-To: <20180806154345.3243e993.freebsd@edvax.de> References: <20180805150241.1E186200349F8E@ary.qy> <4e70e969-14f7-c65d-96d2-dd1610499cd0@irk.ru> <63033.108.68.162.197.1533484522.squirrel@cosmo.uchicago.edu> <20180806073738.6f459398.freebsd.ed.lists@sumeritec.com> <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu> <20180806154345.3243e993.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 08/06/18 08:43, Polytropon wrote: > On Sun, 5 Aug 2018 19:10:07 -0500 (CDT), Valeri Galtsev wrote: >> >> On Sun, August 5, 2018 6:37 pm, Erich Dollansky wrote: >>> Hi, >>> >>> On Sun, 5 Aug 2018 10:55:22 -0500 (CDT) >>> "Valeri Galtsev" <galtsev@kicp.uchicago.edu> wrote: >>> >>>> On Sun, August 5, 2018 10:26 am, thor wrote: >>>>> https://en.wikipedia.org/wiki/Cold_boot_attack >>>>> >>>> >>>> The trouble is that erasing RAM on clean shutdown does not prevent the >>>> attacker in the attack as above from still successfully perform the >>> >>> so, ECC is also here the only possible answer, at least for parts of it. >>> >>> Still, erasing memory when shutting down helps in some cases. I do this >>> on my machines for small parts when a shutdown is detected. It makes at >>> least the most obvious attacks from that side difficult. >> >> Please, correct me if I am wrong in the following: >> >> If the attacker yanks off the power cord, then cold boots off his media, >> your defense/erasure of memory does not protect you against this attack. >> Right? Your defense only helps if the attacker does clean shutdown. Right? > > Clearing memory at shutdown time won't happen when > shutdown time doesn't take place. Many cold boot > attacks rely on surprisingly (!) interrupting the > power, which implies physical access, and then > booting from a custom media, so even clearing > memory at startup time doesn't happen. > > All those precautions only work when physical access > is taken out of consideration. Yes, my point exactly. Thanks! Valeri > > -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?449f6907-9bdf-5459-b9bd-759e62025b02>