[115634] in cryptography@c2.net mail archive
Re: cold boot attacks on disk encryption
daemon@ATHENA.MIT.EDU (=?UTF-8?Q?Ivan_Krsti=C4=87?=)
Fri Feb 22 09:14:17 2008
Cc: "Perry E. Metzger" <perry@piermont.com>,
"Jon Callas" <jon@callas.org>,
cryptography@metzdowd.com
From: =?UTF-8?Q?Ivan_Krsti=C4=87?= <krstic@solarsail.hcs.harvard.edu>
To: "Ali, Saqib" <docbook.xml@gmail.com>
In-Reply-To: <addede3b0802211540u44d773der7c33ac12a7e85d0b@mail.gmail.com>
Date: Thu, 21 Feb 2008 23:13:56 -0500
On Feb 21, 2008, at 6:40 PM, Ali, Saqib wrote:
> i think in most cases tamper-resistant is sufficient
Er, what do TPMs have to do with this at all? TPMs are not tamper-=20
proof hardware FDE devices. They're somewhat tamper-proof (in =20
practice, I wouldn't depend on it) non-volatile storage for small =20
amounts of sensitive data, such as encryption keys. But as long as =20
it's software that's driving your FD encryption, you need to have your =20=
keys in RAM.
So, either:
* The TPM is used in 'basic' mode, where its only purpose is to
provide a measure of tamper-resistance to the boot path, and as
long as no boot-time tampering is detected, the FDE key will be
loaded into RAM automatically,
or,
* The TPM requires explicit authentication (e.g. by password or
smart card) before releasing the key, in which case a successful
authentication will load the FDE key in RAM.
If the machine is running and the FDE in use -- which is the entire =20
premise behind this attack -- both TPM use cases are just as =20
vulnerable. TPMs are a red herring in this discussion, unless the FDE =20=
was actually offloading the crypto operations to it. This is not a =20
supported mode of operation for any widely-deployed FDE system that =20
I'm familiar with.
So, is anyone else as amused as I am that Apple can release an EFI =20
firmware update to zeroize MacBook Air memory at boot-time, turning =20
the heretofore widely-decried inability to upgrade that laptop's RAM =20
-- due to the chips being soldered to the motherboard -- into an =20
advantage, and making the Air the laptop of choice for discriminating, =20=
fashion-aware, security-conscious professionals the world over?
--
Ivan Krsti=C4=87 <krstic@solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
