[liberationtech] A tool for encrypted laptops
blibbet at gmail.com
Fri May 9 14:19:10 PDT 2014
On 5/9/14 1:08 PM, Steve Weis wrote:
> Hi Tom. Does hibernation on a Mac protect from physical memory
> extraction by default or is this something yontma configures?
There may be an ACPI/UEFI attack here... UEFI Runtime Service drivers
continue to run in the background while the main OS is running. A UEFI
driver can detect these ACPI Sx states. UEFI includes a full IPv4/IPv6
network stack (optionally bootable via PXE), UEFI apps/drivers can talk
over the net as well as to local storage media.
So, a UEFI runtime service driver could detect hibernation, start
getting active in background over net. IF adversary is smart enough to
figure out how to install an EFI driver onto your system. And you don't
detect the change. So, your EFI malware runtime service might be able to
work while you and the OS think the system is merely hibernating.
EFI's "Fast Boot" feature is the opposite of ACPI hibernation. The B<n>
states of EFI booting are conceptually similar to the S<n> states of
ACPI sleeping. Without "Fast Boot", EFI still controls ACPI hibernation,
just not as quickly (there are redundant re-init/re-scans that are not
ACPI is controlled by the firmware.
OS suspend/resume is controlled by the firmware.
IMO, power box off completely, to be sure there's no weirdness happening
at firmware and silicon levels. Like people remove their batteries from
PS: EFI-free Novena reached their crowdsourcing goals! You have 9 days
to act before prices increase:
"at the conclusion of the Crowd Supply campaign on May 18, all the
prices listed below will go up by 10%"