RDPUser
Posts: 148
Joined: Tue Jan 30, 2018 12:18 pm

Raspberry PI4 cold boot protected. By design?

Sat Jul 27, 2019 8:51 am

Perhaps you remember that we discussed at https://www.raspberrypi.org/forums/view ... p?t=231085 whether the Raspberry PI is cold boot protected. There was a link to this thread https://www.raspberrypi.org/forums/view ... p?t=199047 where it was proven that RAM content remains even after a short power outage.

Now I've tested something similar with a Raspberry PI4. A script fills almost all of the memory with a certain string. I'm working via ssh, connected over LAN. As image I used Raspbian Buster Lite dated 2019-07-10.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Marker string that is later searched for in the RAM dump */
#define RAMString "QdUziHoaXCekejxq1bf4PjeNpqwW0FZLxiH4FZJC6uFP3ui4/C8ZdnTqYXmFgpSH"


int main() {
	printf("Hello World\n");

	//char speicher[ANZAHL][65];
	int MBSpeicher = 650; // 325 on the PI Zero W
	int bytes = MBSpeicher * 1024 * 1024;
	int laenge = strlen(RAMString) + 1; // marker length including the NUL terminator
	char **arr;
	int anzahl = bytes / laenge; // number of marker copies to allocate
	arr = (char**)malloc(anzahl * sizeof (char*));
	if (arr == 0)
	{
		printf("Fehler Speicher konnte nicht gesichert werden\n");
	}
	else
	{
		const char *string = RAMString;

		// Allocate one small block per copy and write the marker into it
		for (int i = 0; i < anzahl; ++i)
		{
			arr[i] = (char*)malloc(laenge);
			if (arr[i] == 0)
			{
				printf("Fehler Speicher konnte in Schleife nicht gesichert werden\n");
				return 1;
			}
			strcpy(arr[i], string);
		}
	}
	// Keep the memory filled until a key is pressed
	printf("Beliebige Taste zum Beenden drücken\n");
	getchar();
	return 0;
}
```
Just compile it with gcc filename.cpp
chmod +x a.out
and run with ./a.out

To read the RAM I've used Lime https://github.com/504ensicsLabs/LiME

```
git clone https://github.com/504ensicsLabs/LiME
apt-get install raspberrypi-kernel-headers
```
In the src folder just execute make, and then
execute a.out, press a char and then hit enter to close the program. Now reboot or cut power briefly and then execute

```
sudo insmod ./lime-4.19.47-v7l+.ko "path=ramAfterReboot.dmp format=raw"
```
To make a second RAM dump without a reboot, remove the module with sudo rmmod lime

Then to verify that there is no string left I've used cat ramAfterReboot.dmp | grep -c QdUziHoaXCekejxq1bf4PjeNpqwW0FZLxiH4FZJC6uFP3ui4/C8ZdnTqYXmFgpSH

After a reboot or a short power outage there are zero counts, so no data in RAM at all.

Be careful some counts may occur because of bash history. To avoid that for your own tests, edit .bashrc and set HISTFILESIZE=0


On the PI Zero after executing the above program, rebooting and then compiling the kernel module and then reading the RAM I got

```
cat ramAfterReboot.dmp | grep -c QdUziHoaXCekejxq1bf4PjeNpqwW0FZLxiH4FZJC6uFP3ui4/C8ZdnTqYXmFgpSH
1171825
```
1.171.825 So more than one million occurrences

So now we take the 3B

Now doing the same gives
cat 3BMemory.dmp | grep -c QdUziHoaXCekejxq1bf4PjeNpqwW0FZLxiH4FZJC6uFP3ui4/C8ZdnTqYXmFgpSH
2006430
So more than 2 million occurrences!


RPI 4 uses LPDDR4 RAM https://www.raspberrypi.org/forums/view ... 3&t=245175
If during reboot the RAM is briefly without power, this could be sufficient to wipe out all RAM content. Even with normal DDR3 RAM cold boot attacks weren't possible anymore, see https://faui1-files.cs.fau.de/filepool/ ... ldboot.pdf
There they suppose it is mainly because of the reduced voltage compared to DDR2.
Since LPDDR4 uses 1.1V instead of 1.2V we are pretty safe with short power outages in the RAM module.


I would be glad if someone with an RPI 4 tried this procedure to verify. I can remember that for some reboots I had 0 findings with the RPI3 but I can't reproduce this anymore. Probably I did something wrong there, but I'm quite sure I didn't. So perhaps there are some rare cases where no data is left in RAM.

When other users verify cold boot protection just one question remains. Is it by design (zeroing out memory after boot like suggested in the previous topic) or is it "by accident" with the characteristics of LPDDR4 memory.

hippy
Posts: 6860
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: Raspberry PI4 cold boot protected. By design?

Sat Jul 27, 2019 12:16 pm

RDPUser wrote:
Sat Jul 27, 2019 8:51 am
When other users verify cold boot protection just one question remains. Is it by design (zeroing out memory after boot like suggested in the previous topic) or is it "by accident" with the characteristics of LPDDR4 memory.
I am not sure what you are asking here, or what you refer to when asking if it is by design or by accident; zeroing or not zeroing ?

My understanding is that no hardware memory is designed to zero itself on power-up, so will always deliver undefined or last written contents, though it may tend towards reading as zeroed while powered down and that tendency will likely corrupt what was last written, but perhaps not all of that. That will depend on how long it is powered down.

Being able to read back fully or partially what was last written is, for me, to be expected, and the length of power absence for being able to do that is often longer than people imagine or believe. Some expect memory to lose its contents instantly or quickly on power off but that is often not the case. Your own tests have proven that, as have others.

But I am not sure what you are trying to prove, assert or query beyond that.

Does the memory fitted to a Pi 4 lose its contents quicker when powered off than memory fitted to previous Pi models ? Quite possibly.

Is that by design ? I would say it's more likely just a characteristic of implementation.

davidcoton
Posts: 4674
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK

Re: Raspberry PI4 cold boot protected. By design?

Sat Jul 27, 2019 1:57 pm

Look at the (unassigned) memory after a cold boot. Is it zeroed? If so, that will almost certainly be by design. If it is random, then memory clearance is not by design.

Try filling the memory with a single character before cold restart. Count the number of such characters after a cold boot. Is it significantly higher than random (one in 256)?
Signature retired
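Added example, not code from any poster in this thread: the two checks discussed above (RDPUser's marker count and the zeroed-versus-random test with a fill byte) run over a raw dump in one streaming pass, with a per-page breakdown. The names `analyse` and `sample_dump` and the 4 KiB `PAGE` size are assumptions of this example, and the sample image is constructed.

```python
import io
from collections import Counter

MARKER = b"QdUziHoaXCekejxq1bf4PjeNpqwW0FZLxiH4FZJC6uFP3ui4/C8ZdnTqYXmFgpSH"
PAGE = 4096  # assumption: 4 KiB pages for the per-page breakdown


def analyse(stream, marker=MARKER, fill=None, pages_per_read=256):
    """Stream a raw dump; return marker hits, byte fractions and page classes."""
    total = hits = zeros = fills = 0
    pages = Counter()
    keep = len(marker) - 1
    tail = b""  # end of the previous read, so a hit split across reads is counted
    while chunk := stream.read(PAGE * pages_per_read):
        total += len(chunk)
        zeros += chunk.count(0)
        if fill is not None:
            fills += chunk.count(fill)
        window = tail + chunk
        hits += window.count(marker)
        tail = window[-keep:] if keep else b""
        for off in range(0, len(chunk), PAGE):
            page = chunk[off:off + PAGE]
            if not page.strip(b"\0"):
                pages["zero"] += 1      # page reads back as all zeroes
            elif marker in page:        # copies split across pages are not seen here
                pages["marker"] += 1
            else:
                pages["other"] += 1     # in use, decayed or otherwise overwritten
    fill_fraction = fills / total if total else 0.0
    return {
        "bytes": total,
        "marker_hits": hits,
        "zero_fraction": zeros / total if total else 0.0,
        "fill_fraction": fill_fraction,
        "fill_vs_random": fill_fraction * 256,  # 1.0 equals the 1-in-256 baseline
        "pages": dict(pages),
    }


def sample_dump():
    """Constructed test image: 2 zeroed pages, 3 marker pages, 1 page of 0xFF."""
    heap = (MARKER + b"\0") * 189 + b"\0" * 3  # 189 copies fill 3 pages exactly
    return b"\0" * (2 * PAGE) + heap + b"\xff" * PAGE


if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(sample_dump())
    print(analyse(src))
```

Run it with the dump file as the only argument; for the single-character test, call `analyse` with `fill` set to the byte value that was written before the restart.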

RDPUser
Posts: 148
Joined: Tue Jan 30, 2018 12:18 pm

Re: Raspberry PI4 cold boot protected. By design?

Sun Jul 28, 2019 7:58 am

hippy wrote:
I am not sure what you are asking here, or what you refer to when asking if it is by design or by accident; zeroing or not zeroing ?
Sorry for the misunderstanding. I wanted to know if the RAM content is just gone because of the short power outage of the RAM chip or is there code that clears the RAM.
hippy wrote:
But I am not sure what you are trying to prove, assert or query beyond that.
I'd like people to do the same steps and tell their experience. Are there also 0 occurrences after reboot or are there remanences? As I've written, I had something similar on PI3. On first tries there were 0 occurrences after filling RAM, rebooting and then dumping the contents but with subsequent tries the RAM content remained after reboot.

jdb
Raspberry Pi Engineer & Forum Moderator
Posts: 2240
Joined: Thu Jul 11, 2013 2:37 pm

Re: Raspberry PI4 cold boot protected. By design?

Mon Aug 05, 2019 10:46 am

I can retrieve kernel messages via pstore/ramoops after a reboot (which implies an 80ms power-off sequence to reset the SD card). I can force a poweroff with GLOBAL_EN and after between 1 and 2 seconds of holding GLOBAL_EN low, RAM is sufficiently corrupted that ramoops no longer recognises the contents. It looks like LPDDR4 has a much lower persistence threshold than previous technologies.
Rockets are loud.
https://astro-pi.org
