Erase memory on shutdown

cpghost cpghost at cordula.ws
Fri Aug 10 15:51:19 UTC 2018


On 08/10/18 17:24, Valeri Galtsev wrote:
> 
> 
> On 08/10/18 09:08, cpghost wrote:
>> On 08/05/18 17:55, Valeri Galtsev wrote:
>>> Another route could be encryption of RAM on-the-fly while the system runs, yet
>>> it is questionable where the encryption key itself is kept so that it is
>>> inaccessible to the attacker in the attack above, and booting such a system
>>> may require a warm body present.
>>
>> What about SEV?
>>
>> https://developer.amd.com/amd-secure-memory-encryption-sme-amd-secure-encrypted-virtualization-sev/
>> https://github.com/AMDESE/AMDSEV
> 
> I personally am an opponent of the other processor in my machine that has almighty access to my machine and can access external hosts via the same physical network connection, though not controllable by me, the sysadmin of the machine (or machine owner). It sounds to me that it is in the same general direction as Intel ME.

You're right. Basically, it's all about Trusting Trust[1], all over again,
but now on hardware/firmware. And what's worse: who can audit the crypto,
when done on a closed proprietary hardware design?

But still, if we talk about encrypting memory, hardware assists like these,
where the (ephemeral) keys are kept in some hidden CPU registers that clear
much faster than (cold) DRAM/SRAM, seem like a practical way to make
cold boot attacks harder.

[1] https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

> Out of two bads I choose the lesser bad. Namely: the possibility of attack by the bad guy who has physical access to my machine is a lesser bad than the possibility of attack through a super-system which I have no way to modify, control, or turn off, that runs on another CPU, has control over the hardware that runs my system, and to which my system is a slave.
> 
> Do you think it is your machine? No, it is their machine (whoever they are).
> 
> There is one (small?) company that tries to get rid of all proprietary code and other means of control, thus giving the owner full possession of his hardware ("impregnable" for third parties, be it even the main CPU manufacturer):
> 
> https://puri.sm/
> https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
> 
> They also implement open source coreboot instead of proprietary EFI or BIOS. And they do not have in their hardware anything that requires "firmware" or "microcode" available only as a binary. So, they use the famous Atheros WiFi, but they never use the Intel WiFi, which works great but runs proprietary firmware.

Good to know. Thanks for the pointer!

> I'd like to hear if anyone knows about similar efforts by other computer manufacturers.
> 
> Sorry, this went a bit off the original point (but not quite off of it).
> 
> Valeri

-cpghost.
