cold boot attacks on disk encryption
Jon Callas
jon at callas.org
Fri Feb 22 07:43:21 EST 2008
> So, is anyone else as amused as I am that Apple can release an EFI
> firmware update to zeroize MacBook Air memory at boot-time, turning
> the heretofore widely-decried inability to upgrade that laptop's RAM
> -- due to the chips being soldered to the motherboard -- into an
> advantage, and making the Air the laptop of choice for
> discriminating, fashion-aware, security-conscious professionals the
> world over?
No. Apple (or anyone doing EFI boot, for example, someone doing WDE
for OS X) can easily modify the EFI boot to zero memory. It isn't just
the Air, it's any Intel Mac, but remember those are just Intel EFI
systems.
Note, however, that this does not completely solve the attack. If
someone hits the reset button or yanks power, then you don't get to
erase.
Jon
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list