[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Does reboot clear RAM?
From: |
Marc-André Lureau |
Subject: |
Re: Does reboot clear RAM? |
Date: |
Wed, 13 Nov 2019 14:14:16 +0400 |
Hi
On Wed, Nov 13, 2019 at 12:58 PM Narcis Garcia via
<address@hidden> wrote:
>
> El 13/11/19 a les 7:27, Joachim Durchholz ha escrit:
> > Am 12.11.19 um 02:20 schrieb Jakob Bohm:
> >> On 11/11/2019 20:27, Joachim Durchholz wrote:
> >>> Am 11.11.19 um 15:35 schrieb Jakob Bohm:
> >>>> On physical machines, the following mechanisms are common:
> >>>>
> >>>> 1. DRAM chips physically loose their contents after a few seconds of
> >>>> power
> >>>> off,
> >>>
> >>> I am by no way an expert, but the forensic experts tell me that data
> >>> can persist for *minutes*.
> >>> Of course, the first bits flip after a few seconds. But you don't get
> >>> a guarantee that everything is zeroed.
> >>> I also hear that temperature plays a really big role here.
> >>>
> >> There's a difference between reading faded bits with special analogue
> >> equipment
> >> after artificially cooling chips way below what the datasheet allows, and
> >> reading the digital bits at normal temperature, voltage etc.
> >
> > The refresh circuitry of a DRAM chip is just for the purpose of reading
> > faded bits.
> > And of course it will read whatever it decides is in the cell. If enough
> > electrons are left, it will be above the threshold, so you can expect to
> > see the occasional 1 bit in RAM unless it's cleared.
> >
> > I'm still interested in hearing whether typical RAM has a RST line and
> > whether that wipes memory (or merely initializes internal circuitry).
> > Speculation about potential low-level circuit trickery is nice but does
> > not answer that question, I fear.
>
> I think the best solution is to implement:
> - A flag/parameter to reboots do clear RAM
> - A flag/parameter to reboots don't clear RAM
> - A default behaviour.
>
> Default behaviour could depend on specified chipset or other virtualized
> hardware if that originally have different behaviour.
You might be interested by the TCG Platform Reset Attack Mitigation
Specification :
https://trustedcomputinggroup.org/wp-content/uploads/Platform-Reset-Attack-Mitigation-Specification.pdf
Of which we have implemented the Set MOR bit ACPI interface. When it
is set, QEMU will clear the RAM on reset (& ovmf the cpu caches).
See commit ec86c0f678a9402fb4265c8874bd2ec712b33127 ("acpi: add ACPI
memory clear interface") and commit
ffab1be70692c55f4c81642f03d629fd84eb4b18 ("tpm: clear RAM when "memory
overwrite" requested").
Currently, this interface is only exposed with a TPM device, but it
could probably be moved elsewhere if suitable.
--
Marc-André Lureau
- Re: Does reboot clear RAM?, (continued)
- Re: Does reboot clear RAM?, Joachim Durchholz, 2019/11/10
- Re: Does reboot clear RAM?, Kent Dorfman, 2019/11/10
- Re: Does reboot clear RAM?, Joachim Durchholz, 2019/11/11
- Re: Does reboot clear RAM?, Jakob Bohm, 2019/11/11
- Re: Does reboot clear RAM?, Joachim Durchholz, 2019/11/11
- Re: Does reboot clear RAM?, Jakob Bohm, 2019/11/11
- Re: Does reboot clear RAM?, Narcis Garcia, 2019/11/12
- Re: Does reboot clear RAM?, Peter Maydell, 2019/11/12
- Re: Does reboot clear RAM?, Joachim Durchholz, 2019/11/13
- Re: Does reboot clear RAM?, Narcis Garcia, 2019/11/13
- Re: Does reboot clear RAM?,
Marc-André Lureau <=