[115635] in cryptography@c2.net mail archive
Re: cold boot attacks on disk encryption
daemon@ATHENA.MIT.EDU (Jon Callas)
Fri Feb 22 09:15:24 2008
Cc: Saqib Ali <docbook.xml@gmail.com>,
"Perry E. Metzger" <perry@piermont.com>,
Cryptography <cryptography@metzdowd.com>,
Jon Callas <jon@pgp.com>
From: Jon Callas <jon@callas.org>
To: =?UTF-8?Q?Ivan_Krsti=C4=87?= <krstic@solarsail.hcs.harvard.edu>
In-Reply-To: <DCC91900-BD38-4823-9245-B9E28423FF39@solarsail.hcs.harvard.edu>
Date: Fri, 22 Feb 2008 04:43:21 -0800
> So, is anyone else as amused as I am that Apple can release an EFI
> firmware update to zeroize MacBook Air memory at boot-time, turning
> the heretofore widely-decried inability to upgrade that laptop's RAM
> -- due to the chips being soldered to the motherboard -- into an
> advantage, and making the Air the laptop of choice for
> discriminating, fashion-aware, security-conscious professionals the
> world over?
No. Apple (or anyone doing EFI boot, for example, someone doing WDE
for OS X) can easily modify the EFI boot to zero memory. It isn't just
the Air, it's any Intel Mac, but remember those are just Intel EFI
systems.
Note, however, that this does not completely solve the attack. If
someone hits the reset button or yanks power, then you don't get to
erase.
Jon
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
