cold boot attacks on disk encryption

Jon Callas jon at callas.org
Fri Feb 22 07:43:21 EST 2008


> So, is anyone else as amused as I am that Apple can release an EFI  
> firmware update to zeroize MacBook Air memory at boot-time, turning  
> the heretofore widely-decried inability to upgrade that laptop's RAM  
> -- due to the chips being soldered to the motherboard -- into an  
> advantage, and making the Air the laptop of choice for  
> discriminating, fashion-aware, security-conscious professionals the  
> world over?


No. Apple (or anyone doing EFI boot, for example, someone doing WDE  
for OS X) can easily modify the EFI boot to zero memory. It isn't just  
the Air, it's any Intel Mac, but remember those are just Intel EFI  
systems.

Note, however, that this does not completely solve the attack. If  
someone hits the reset button or yanks power, then you don't get to  
erase.

	Jon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list