Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] A tool for encrypted laptops

Steve Weis steveweis at gmail.com
Fri May 9 13:08:22 PDT 2014


Hi Tom. Does hibernation on a Mac protect from physical memory
extraction by default or is this something yontma configures?

After a quick search, I ran across "destroyfvkeyonstandby" to destroy
the FileVault key on standby. Is that sufficient?

As for DMA attacks, my understanding is the latest OS X does pretty
good job by default. DMA is disabled while the screen is locked and I
wasn't able to hotplug arbitrary PCI devices via Thunderbolt (at least
as of a year ago). I wasn't able to conduct DMA attacks via
Thunderbolt unless the PCI device was connected on bootup and the
laptop unlocked. That's an artificial setting, except perhaps for a
laptop dock with a hidden Thunderbolt hub.

On Fri, May 9, 2014 at 11:41 AM, Tom Ritter <tom at ritter.vg> wrote:
>
> Hey all.  Reviving an oooold thread with a new release:
> https://isecpartners.github.io/news/tools/2014/05/09/yontma-mac-release.html
>
> From the first email: If your encrypted laptop has its screen locked,
> and is plugged into power or ethernet, the tool will hibernate your
> laptop if either of those plugs are removed.  So if you run out for
> lunch, or leave it unattended (but plugged in) at starbucks, and
> someone grabs your laptop and runs, it'll hibernate to try to thwart
> memory attacks to retrieve the disk encryption key. Not foolproof, but
> something simple and easy.
>
> We've now released a version for Mac. (Open Source of course.)



More information about the liberationtech mailing list