Quoting Paul Millar paul@astro.gla.ac.uk:
<delurk/>
Hi all,
I just read an interesting entry on Bruce Schneier's blog: http://www.schneier.com/blog/archives/2008/02/cold_boot_attac.html about how to recover the keys for a whole-disk encryption system.
Apparently, the problem here is DRAM doesn't fade fast enough. If the reboot is fast, then the memory contents are preserved, so exposing the in-memory cache of the disk encryption key. Boot off a memory stick and one can analysis the memory's content.
The (perhaps flippant ;-) remark from "bootman" about storing the keys somewhere where the data will be erased by the BIOS led me to wonder if coreboot could do something like this.
Perhaps coreboot could add the option of wipe the memory contents before handing over to the payload, maybe a "wipe-memory" payload that fails over to the next, main payload? If erasing the whole memory would take too long, could it wipe some part of the memory and (by convention) that part of the memory be used for storing secrets?
You can't wipe the memory right before the payload. At this point the memory is already itialized and memory alociation is already setup. This could potentially wipe out parts of the setup process. The best time to impliment something like this would be in the very begining. Something like initalize memory -> wipe memory -> re-initalize memory -> continue with the coreboot process.
Thanks - Joe