Tuesday, October 7, 2008

Re: [BLUG] Improving the boot time

On Sat, Oct 04, 2008 at 06:33:02AM -0600, Abhishek Kulkarni wrote:
> RAM scans during POST can mitigate cold boot attacks as long as they do a
> complete read/write test erasing/zeroing the memory. The DRAM is known to
> retain its memory even after power cycling by a quick reboot. An attacker could
> typically dump the contents of the DRAM to get to the encryption key used for
> encrypting the disks. I am just not sure how much a TPM helps here. "Quickboot"
> options skip memory checks on startup for a faster boot time but leave the
> system open to such type of attacks.

You are correct. Does the RAM check just do a read test, or is
it write/read? Truthfully, I don't know -- and it may vary by BIOS
manufacturer. They likely consider it a trade secret much the same way
that people considered the exact amount of food in a can to be a trade
secret back in the old days.

However, anything that causes the RAM to heat up, and slows down the
boot process provides some level of support in mitigating cold-boot
attacks.

All I need to do is make the attacker think, "Oh shoot. This is going to
take too long, and it is erasing the data now!" The ultimate goal is to
provide not only enough security but enough noticeable security. It could
be considered on par with a security sign out front.

Ultimately, what I consider is powering down your machine 5-10 minutes
before you ever leave it alone. (This accepts the fact that leaving
laptops alone in your hotel room will likely happen at some point during
a conference.)

> Most legacy BIOSes and even the "secure" EFI are susceptible to these attacks.
> I believe an open solution like coreboot proves to be the best option in the
> long run.

I agree. Open solutions are usually the best.

Cheers,
Steven Black

> On Sat, Oct 4, 2008 at 4:32 AM, Scott Blaydes <sblaydes@sbce.org> wrote:
>
> Does the RAM scan actually have anything to do with security, or just PC
> health?
>
> Thank you,
> Scott Blaydes
>
> Steven Black wrote:
>
> It is interesting.
>
> On a personal note, I have all my machines configured in such a manner
> so as to slow down the boot. -- As a security precaution I have all
> the RAM on all my machines scanned at boot-time. I actively discourage
> people from using the "QuickBoot" BIOS options.
>
> Cheers,
> Steven Black
>
> On Thu, Oct 02, 2008 at 10:11:14AM -0600, Abhishek Kulkarni wrote:
>
> Just stumbled upon some interesting stuff here
> http://www.fenrus.org/plumbers_fastboot.ppt
>
> I just clocked the booting time on my notebook (Dell Vostro 1400),
> it takes more than 90 seconds!
>
> -- Abhishek
