From: "Valeri Galtsev"
To: "thor"
Cc: freebsd-questions@freebsd.org
Reply-To: galtsev@kicp.uchicago.edu
Date: Sun, 5 Aug 2018 21:31:03 -0500 (CDT)
Subject: Re: Erase memory on shutdown

On Sun, August 5, 2018 8:52 pm, thor wrote:
> For any level of physical protection there is an adversary that could
> breach it. So the first stage of protection is physical one,

Exactly. That is what I said in my first reply in this thread. However, that part was creatively edited away by someone; that is why I personally dislike editing away portions of other people's posts. Creative editing, BTW, can totally change what the person actually said.

Yes, it was repeated forever that security begins with physical security. And repeating again what my friend likes to say: nothing can stop the guy with the screwdriver. Not quite true, but pretty close.

Valeri

> the second
> is the breach detection that initiates clean shutdown. Problem is to
> erase everything on this shutdown.
>
> Or maybe I should start a reboot that hangs on "Enter passphrase for
> /dev/ada0p3.eli" and erases the memory in the process?
>
> On 08/06/18 08:10, Valeri Galtsev wrote:
>>
>> Please, correct me if I am wrong in the following:
>>
>> If the attacker yanks off the power cord, then cold boots off his media,
>> your defense/erasure of memory does not protect you against this attack.
>> Right? Your defense only helps if the attacker does clean shutdown.
>> Right?
>>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++