[liberationtech] A tool for encrypted laptops

Steve Weis steveweis at gmail.com
Fri May 9 13:08:22 PDT 2014


Hi Tom. Does hibernation on a Mac protect from physical memory
extraction by default or is this something yontma configures?

After a quick search, I ran across "destroyfvkeyonstandby" to destroy
the FileVault key on standby. Is that sufficient?

As for DMA attacks, my understanding is the latest OS X does a pretty
good job by default. DMA is disabled while the screen is locked and I
wasn't able to hotplug arbitrary PCI devices via Thunderbolt (at least
as of a year ago). I wasn't able to conduct DMA attacks via
Thunderbolt unless the PCI device was connected on bootup and the
laptop unlocked. That's an artificial setting, except perhaps for a
laptop dock with a hidden Thunderbolt hub.

On Fri, May 9, 2014 at 11:41 AM, Tom Ritter <tom at ritter.vg> wrote:
>
> Hey all.  Reviving an oooold thread with a new release:
> https://isecpartners.github.io/news/tools/2014/05/09/yontma-mac-release.html
>
> From the first email: If your encrypted laptop has its screen locked,
> and is plugged into power or ethernet, the tool will hibernate your
> laptop if either of those plugs is removed.  So if you run out for
> lunch, or leave it unattended (but plugged in) at Starbucks, and
> someone grabs your laptop and runs, it'll hibernate to try to thwart
> memory attacks to retrieve the disk encryption key. Not foolproof, but
> something simple and easy.
>
> We've now released a version for Mac. (Open Source of course.)


