Hi Tom. Does hibernation on a Mac protect from physical memory extraction by default or is this something yontma configures?
After a quick search, I ran across "destroyfvkeyonstandby" to destroy the FileVault key on standby. Is that sufficient? As for DMA attacks, my understanding is the latest OS X does pretty good job by default. DMA is disabled while the screen is locked and I wasn't able to hotplug arbitrary PCI devices via Thunderbolt (at least as of a year ago). I wasn't able to conduct DMA attacks via Thunderbolt unless the PCI device was connected on bootup and the laptop unlocked. That's an artificial setting, except perhaps for a laptop dock with a hidden Thunderbolt hub. On Fri, May 9, 2014 at 11:41 AM, Tom Ritter <[email protected]> wrote: > > Hey all. Reviving an oooold thread with a new release: > https://isecpartners.github.io/news/tools/2014/05/09/yontma-mac-release.html > > From the first email: If your encrypted laptop has its screen locked, > and is plugged into power or ethernet, the tool will hibernate your > laptop if either of those plugs are removed. So if you run out for > lunch, or leave it unattended (but plugged in) at starbucks, and > someone grabs your laptop and runs, it'll hibernate to try to thwart > memory attacks to retrieve the disk encryption key. Not foolproof, but > something simple and easy. > > We've now released a version for Mac. (Open Source of course.) -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
