[coreboot] Possible security enhancement?

joe at smittys.pointclark.net
Thu Feb 21 21:42:15 CET 2008


Quoting Paul Millar <paul at astro.gla.ac.uk>:

> <delurk/>
>
> Hi all,
>
> I just read an interesting entry on Bruce Schneier's blog:
> 	http://www.schneier.com/blog/archives/2008/02/cold_boot_attac.html
> about how to recover the keys for a whole-disk encryption system.
>
> Apparently, the problem here is DRAM doesn't fade fast enough.  If the reboot
> is fast, then the memory contents are preserved, so exposing the in-memory
> cache of the disk encryption key.  Boot off a memory stick and one can
> analyse the memory's content.
>
> The (perhaps flippant ;-) remark from "bootman" about storing the keys
> somewhere where the data will be erased by the BIOS led me to wonder if
> coreboot could do something like this.
>
> Perhaps coreboot could add the option of wiping the memory contents before
> handing over to the payload, maybe a "wipe-memory" payload that fails over to
> the next, main payload?  If erasing the whole memory would take too long,
> could it wipe some part of the memory and (by convention) that part of the
> memory be used for storing secrets?
>
You can't wipe the memory right before the payload. At this point the
memory is already initialized and memory allocation is already set up.
This could potentially wipe out parts of the setup process. The best
time to implement something like this would be in the very beginning.
Something like initialize memory -> wipe memory -> re-initialize memory
-> continue with the coreboot process.


Thanks - Joe
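
An added illustration of the ordering argument in this reply (not code from the original message or from coreboot): a simulated RAM buffer is wiped once late, stepping around ranges that are already in use, and once early, with nothing allocated. `struct region`, `wipe_range`, `wipe_late`, `wipe_early` and the buffer contents are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor for a range the firmware already uses. */
struct region { size_t start, len; };

/* Zero through a volatile pointer so the stores cannot be elided. */
static void wipe_range(uint8_t *ram, size_t start, size_t len)
{
    volatile uint8_t *p = ram + start;
    while (len--)
        *p++ = 0;
}

/* Late wipe: step around each in-use region (sorted, non-overlapping),
 * leaving those bytes untouched. Returns the number of bytes wiped. */
size_t wipe_late(uint8_t *ram, size_t size, const struct region *used, size_t n)
{
    size_t pos = 0, wiped = 0;
    for (size_t i = 0; i < n; i++) {
        if (used[i].start > pos) {
            wipe_range(ram, pos, used[i].start - pos);
            wiped += used[i].start - pos;
        }
        pos = used[i].start + used[i].len;
    }
    if (pos < size) {
        wipe_range(ram, pos, size - pos);
        wiped += size - pos;
    }
    return wiped;
}

/* Early wipe: nothing is allocated yet, so every byte can be cleared. */
size_t wipe_early(uint8_t *ram, size_t size)
{
    return wipe_late(ram, size, NULL, 0);
}

int main(void)
{
    static uint8_t ram[256];                       /* constructed stand-in for DRAM */
    struct region used[] = { {16, 32}, {200, 8} }; /* constructed in-use ranges */
    memset(ram, 0xAA, sizeof ram);                 /* stale contents from last boot */
    printf("late:  %zu of %zu bytes wiped\n", wipe_late(ram, sizeof ram, used, 2), sizeof ram);
    printf("early: %zu of %zu bytes wiped\n", wipe_early(ram, sizeof ram), sizeof ram);
}
```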