Date: Sun, 5 Aug 2018 10:55:22 -0500 (CDT)
Subject: Re: Erase memory on shutdown
From: "Valeri Galtsev"
To: "thor"
Cc: "John Levine", freebsd-questions@freebsd.org

On Sun, August 5, 2018 10:26 am, thor wrote:
> https://en.wikipedia.org/wiki/Cold_boot_attack
>

The trouble is that erasing RAM on clean shutdown does not prevent the attacker in the attack as above from still successfully performing the attack. Erasing memory can [only] be designed as a part of a clean shutdown. The attack above easily bypasses it just by yanking the power cord, and then cold booting off a removable medium.

As it was repeated forever: the security begins with physical security of the machine. The latter prevents the attacker from physical access to the machine. As someone was saying "nothing can stop the guy with the screwdriver" (not quite true, but pretty close).

Another route could be encryption of RAM on-the-fly while the system runs, yet it is questionable where the encryption key itself is kept to be inaccessible for the attacker in the attack above, and boot of such a system may require a warm body present.

Valeri

>
> On 08/05/18 23:02, John Levine wrote:
>> In article you write:
>>> Hello!
>>>
>>> Just one paranoid question: How to cause FreeBSD to zero all RAM during
>>> shutdown?
>> On modern computers, turning the power off should do the trick.

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++