On 2011-02-18 18.17, Kevin Chadwick wrote:
> On Fri, 18 Feb 2011 16:17:25 +0100
> Joachim Schipper wrote:
>> On Fri, Feb 18, 2011 at 10:51:27AM -0600, Orestes Leal R. wrote:
>>> does it exists?
>> Not yet.
> Hibernate offers more integrity of user data but it's a lot less
> secure, discounting the boot virus's like the one mentioned on P.
> Hansteen's site that may? be hindered by power removal. (Anyone heard
> more about those or how that one worked.)
> "http://bsdly.blogspot.com/2010/10/if-it-runs-openbsd-it-has-to-be.html";
> I don't really see how hibernate could be done safely without all
> systems having a TPM. Maybe a storage file in /var that only root can
> access, but that's still a compromise.
I'm sure it's just my too-narrow mind, but I fail to see any particular
security implications that are not also implied by having actual
physical access to the machine. Could you elaborate?
The one problem I see is the risk of being able to read system memory
from the hibernation storage if someone unauthorized gains access to the
system and boots it into single-user mode or removes the disk and reads
it in another computer.
But the way I imagine hibernation to be implemented would be to simply
swap out all memory to the (by default) encrypted swap space, and then
somehow flag the upcoming next boot that the swap contains live
hibernation data, and provide the encryption key (which of course
becomes the weak point).
Then for the really paranoid, the location of that flag and key could
perhaps be configurable, and be set to a USB stick or memory card that
can be removed and for example travel separately from the laptop itself.
Not perfect of course, but then again, if access to the physical
hardware is gained all bets are more or less off anyway.
Regards,
/Benny
--
internetlabbet.se / work: +46 8 551 124 80 / "Words must
Benny LC6fgren/ mobile: +46 70 718 11 90 / be weighed,
/ fax:+46 8 551 124 89/not counted."
/email: benny -at- internetlabbet.se
