Re: [BLUG] Improving the boot time

RAM scans during POST can mitigate cold boot attacks as long as they do a complete read/write test erasing/zeroing the memory. The DRAM is known to retain its memory even after power cycling by a quick reboot. An attacker could typically dump the contents of the DRAM to get to the encryption key used for encrypting the disks. I am just not sure how much a TPM helps here. "Quickboot" options skip memory checks on startup for a faster boot time but leave the system open to such type of attacks.
Most legacy BIOSes and even the "secure" EFI are susceptible to these attacks.
I believe an open solution like coreboot proves to be the best option in the long run.

On Sat, Oct 4, 2008 at 4:32 AM, Scott Blaydes <sblaydes@sbce.org> wrote:

Does the RAM scan actually have anything to do with security, or just PC health?

Thank you,
Scott Blaydes

Steven Black wrote:

It is interesting.

On a personal note, I have all my machines configured in such a manner
so as to slow down the boot. -- As a security precaution I have all
the RAM on all my machines scanned at boot-time. I actively discourage
people from using the "QuickBoot" BIOS options.

Cheers,
Steven Black

On Thu, Oct 02, 2008 at 10:11:14AM -0600, Abhishek Kulkarni wrote:

Just stumbled upon some interesting stuff here http://www.fenrus.org/plumbers_fastboot.ppt

I just clocked the booting time on my notebook (Dell Vostro 1400), it takes
more than 90 seconds!

 -- Abhishek

_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug

------------------------------------------------------------------------

_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug

_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug