Hi Tom. Does hibernation on a Mac protect from physical memory
extraction by default or is this something yontma configures?

After a quick search, I ran across "destroyfvkeyonstandby" to destroy
the FileVault key on standby. Is that sufficient?

As for DMA attacks, my understanding is the latest OS X does pretty
good job by default. DMA is disabled while the screen is locked and I
wasn't able to hotplug arbitrary PCI devices via Thunderbolt (at least
as of a year ago). I wasn't able to conduct DMA attacks via
Thunderbolt unless the PCI device was connected on bootup and the
laptop unlocked. That's an artificial setting, except perhaps for a
laptop dock with a hidden Thunderbolt hub.

On Fri, May 9, 2014 at 11:41 AM, Tom Ritter <[email protected]> wrote:
>
> Hey all.  Reviving an oooold thread with a new release:
> https://isecpartners.github.io/news/tools/2014/05/09/yontma-mac-release.html
>
> From the first email: If your encrypted laptop has its screen locked,
> and is plugged into power or ethernet, the tool will hibernate your
> laptop if either of those plugs are removed.  So if you run out for
> lunch, or leave it unattended (but plugged in) at starbucks, and
> someone grabs your laptop and runs, it'll hibernate to try to thwart
> memory attacks to retrieve the disk encryption key. Not foolproof, but
> something simple and easy.
>
> We've now released a version for Mac. (Open Source of course.)
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
[email protected].

Reply via email to