Hello, is there an application that wipes RAM before powering off the computer? I have an Arch install with full disk encryption (LVM on LUKS) on my laptop and I'd like to prevent a cold boot attack in order to protect my passphrase while the RAM is not completely erased. Is there a package or a simple configuration?
I found solutions like TRESOR (but it seems to not have a mature implementation on the Linux kernel and it requires old kernels 3.x only) or the package secure-delete (I can't find a good wiki about how to use it, even if I open the original developer's archived GitHub repository) and anyway sdmem doesn't work with new SDRAMs (read command description in the link). Are there other/better solutions?
Last edited by pepper (2021-08-05 07:29:51)
Offline
I think I am blind, because I can’t see the page saying sdmem isn’t working with new SDRAMs. Could you please quote the specific passage?
If your threat model is such that you are willing to spend a long time on turning off your machine to wipe RAM, Arch may not be the best choice for you. Consider using Tails, as it has memory wiping built-in and is designed for that type of use. Or consider Qubes OS, where the hypervisor zeroes memory before handing it to a new VM and therefore starting a new context consuming a lot of memory is likely to nuke old RAM contents.
sdmem is a weird tool and, knowing who is behind it, I am a bit surprised by its existence. Unless I am really missing something, it can do no better than opportunistic erasure of userspace data (which doesn’t include disk encryption keys). And generating some heat by running a lengthy method designed for magnetic/flash media to a volatile capacitance-based memory.
If you want to fill RAM with random data, reboot into memtest86+ and let it finish one round of any test. That will overwrite every single bit of your RAM.
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
in the description of sdmem package: "Note that with the new SDRAMs, data will not wither away but will be kept static - it is easy to extract the necessary information!"
I'd like to know in a little more detail how long the "natural erasure" of RAM takes after powering off the machine.
Offline
in the description of sdmem package: "Note that with the new SDRAMs, data will not wither away but will be kept static - it is easy to extract the necessary information!"
I see no connection between “sdmem doesn't work with new SDRAMs” and that fragment.
I'd like to know in a little more detail how long the "natural erasure" of RAM takes after powering off the machine.
The answer to that is even on Wikipedia, not to mention top results for “cold boot attack”.
Last edited by mpan (2021-08-05 14:24:53)
Offline
You got that backwards - SDRAM is basically the justification for sdmem
I'd like to know in a little more detail how long the "natural erasure" of RAM takes
What exactly is the expected attack vector here?
Also, obligatory, https://xkcd.com/538/
Offline
I always find there are a couple basic rules about encryption.
One, a secret is only safe if its value is less than the cost to steal it. Is your data so valuable to someone else that they would go to the effort to recover it? If it is a state secret or illegal, maybe. If you are trying to prevent a roommate from snooping on your personal messages, probably not.
Two, you cannot bolt on security; it has to be baked in. If you need serious security, keys don't get stored in memory, they get stored in static registers. And they have active tamper detection to clear those keys at the first sign of trouble (including excursions from normal operating temperatures). The processor uses encrypted data and address buses. When the processor is not accessing memory to do something real, there are noise generators that read random locations just to drive the entropy up. Cryptographic functions are made to be isotemporal to attempt to thwart side channel attacks, etc. To attempt to really secure a COTS general purpose commodity computer is a fool's errand if someone has physical access to it. I will say that the TPM chipsets in some systems offer solutions to some of these problems, but you have to manage to get control of it....
Last edited by ewaller (2021-08-06 15:37:59)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline