Erase memory on shutdown

Valeri Galtsev galtsev at kicp.uchicago.edu
Sun Aug 5 15:55:29 UTC 2018


On Sun, August 5, 2018 10:26 am, thor wrote:
> https://en.wikipedia.org/wiki/Cold_boot_attack
>

The trouble is that erasing RAM on clean shutdown does not prevent the
attacker in the attack as above from still successfully performing the
attack. Erasing memory can [only] be designed as part of a clean shutdown.
The attack above easily bypasses it just by yanking the power cord, and
then cold booting off a removable medium.

As has been repeated forever: security begins with physical security of
the machine. The latter prevents the attacker from physical access to the
machine. As someone was saying, "nothing can stop the guy with the
screwdriver" (not quite true, but pretty close).

Another route could be encryption of RAM on-the-fly while the system runs,
yet it is questionable where the encryption key itself is kept to be
inaccessible to the attacker in the attack above, and boot of such a system
may require a warm body present.

Valeri

>
> On 08/05/18 23:02, John Levine wrote:
>> In article <acbb3213-e79e-dfde-038f-b1476925cd4a at irk.ru> you write:
>>> Hello!
>>>
>>> Just one paranoid question: How to cause FreeBSD to zero all RAM during
>>> shutdown?
>> On modern computers, turning the power off should do the trick.
>>
>>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

