Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Posted: Tue Jan 15, 2019 8:31 am
Of course youre right. Sorry that I dind't mentionIt's a few lines of code BUILT IN TO THE SOC, i.e. hardwired in the silicon itself. So to put that in the current Pi would cost about $500k (the cost of a respin of the die).
So you've already out it on your list or do I have to write somewhere? Because it is still a long time till there, perhaps it is even possible to encrypt the RAM fully as it is now upcoming for the x86 CPUs, just to keep in mind...so that would be to be done for the Pi5
The decryption key or at least password is stored for a shortly time in RAM. Lets suggest the human right acitivist uses 7zip. 7zip now must ensure that typed password and actual derived key are overwritten bevor. In addition all decrypted data must be zeroed out after writing to disc.I'd suggest human right activists use file by file encryption, which doesn't involve a decryption key being stored in RAM.
Then when the data is on disc he must encrypt it again, encryption program must do the same steps like above, then the user must securely erase the file from disc.
But the big problem is: A software like libre Office doesn't clear its RAM content after closing. So even when your encrytion software wipes out keys and passwords the attacker can read out the whole document after cold boot attack. So for me this cold boot attack is not overblown at all.
You dont't have to be a human right activist. There is data that has to stay private. For example my roommate wants to store on the PI who is at home. Now someone in the commune does something illegal. Police seized the PI and now they would know when I was at home. Thats my private data, police should not have any right to view my data because I didn't do anything.