From: Valeri Galtsev <galtsev@kicp.uchicago.edu>
To: Polytropon
Cc: Erich Dollansky, John Levine, thor, freebsd-questions@freebsd.org
Subject: Re: Erase memory on shutdown
Date: Mon, 6 Aug 2018 09:58:57 -0500
Message-ID: <449f6907-9bdf-5459-b9bd-759e62025b02@kicp.uchicago.edu>
In-Reply-To: <20180806154345.3243e993.freebsd@edvax.de>
List: freebsd-questions@freebsd.org (User questions)

On 08/06/18 08:43, Polytropon wrote:
> On Sun, 5 Aug 2018 19:10:07 -0500 (CDT), Valeri Galtsev wrote:
>>
>> On Sun, August 5, 2018 6:37 pm, Erich Dollansky wrote:
>>> Hi,
>>>
>>> On Sun, 5 Aug 2018 10:55:22 -0500 (CDT)
>>> "Valeri Galtsev" wrote:
>>>
>>>> On Sun, August 5, 2018 10:26 am, thor wrote:
>>>>> https://en.wikipedia.org/wiki/Cold_boot_attack
>>>>>
>>>>
>>>> The trouble is that erasing RAM on clean shutdown does not prevent the
>>>> attacker in the attack as above from still successfully performing the
>>>
>>> so, ECC is also here the only possible answer, at least for parts of it.
>>>
>>> Still, erasing memory when shutting down helps in some cases. I do this
>>> on my machines for small parts when a shutdown is detected. It makes at
>>> least the most obvious attacks from that side difficult.
>>
>> Please, correct me if I am wrong in the following:
>>
>> If the attacker yanks off the power cord, then cold boots off his media,
>> your defense/erasure of memory does not protect you against this attack.
>> Right? Your defense only helps if the attacker does a clean shutdown. Right?
>
> Clearing memory at shutdown time won't happen when
> shutdown time doesn't take place. Many cold boot
> attacks rely on surprisingly (!) interrupting the
> power, which implies physical access, and then
> booting from custom media, so even clearing
> memory at startup time doesn't happen.
>
> All those precautions only work when physical access
> is taken out of consideration.

Yes, my point exactly. Thanks!

Valeri

>
>

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
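The kind of shutdown-time wipe Erich describes, written out as an added example in C. This is not code from the thread or from FreeBSD; the key buffer, the `secure_wipe`/`is_zeroed`/`load_key` helpers and the "daemon" around them are hypothetical stand-ins for whatever secret a real service keeps in RAM. The secret is overwritten from an atexit handler and from a SIGTERM handler, the signal an orderly shutdown delivers, and the write goes through a volatile function pointer so the compiler cannot drop it as a dead store. The limit is the one Polytropon and Valeri agree on: if the power cord is pulled, none of these handlers run and the key is still in DRAM for a cold boot.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical in-memory secret (constructed for this example). */
#define KEY_LEN 32
static unsigned char key[KEY_LEN];

/* memset() called through a volatile function pointer: the compiler must
 * keep the call even though the buffer is never read again afterwards.
 * On FreeBSD, explicit_bzero(3) gives the same guarantee. */
static void *(*volatile volatile_memset)(void *, int, size_t) = memset;

void secure_wipe(void *p, size_t n)
{
    volatile_memset(p, 0, n);
}

/* Returns 1 if every byte of the region is zero, 0 otherwise. */
int is_zeroed(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Stand-in for key derivation: fill the buffer with nonzero bytes. */
void load_key(void)
{
    for (size_t i = 0; i < KEY_LEN; i++)
        key[i] = (unsigned char)(0xA5 ^ i);
}

/* Clean-exit paths: normal exit() and SIGTERM from shutdown(8). */
static void wipe_on_exit(void)
{
    secure_wipe(key, KEY_LEN);
}

static void on_sigterm(int sig)
{
    (void)sig;
    wipe_on_exit();          /* memset and _exit are async-signal-safe */
    _exit(0);
}

/* Exercise the clean-shutdown path: returns 1 when the key was loaded
 * (nonzero), then wiped, and is verifiably all zero afterwards. */
int demo_clean_shutdown(void)
{
    load_key();
    if (is_zeroed(key, KEY_LEN))
        return 0;            /* the "secret" was never in RAM */
    wipe_on_exit();
    return is_zeroed(key, KEY_LEN);
}

int main(void)
{
    load_key();
    atexit(wipe_on_exit);
    signal(SIGTERM, on_sigterm);
    printf("key loaded; exit or SIGTERM wipes it, a power cut does not\n");
    /* Nothing here runs when the cord is yanked: the key stays in DRAM
     * until the cells decay, which is exactly the cold boot window. */
    return 0;
}
```

The wipe protects against an attacker who boots the machine cleanly, or who images memory after the service has exited; it does nothing for the scenario in the thread, where power is interrupted and the box is booted from the attacker's own media.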