On Wed, 10 Mar 1999, Bob Ebert wrote:
> 1) cold boot
> 2) write a little app that:
How do you get the app in? HotSync will typically restore lots of things
you wouldn't want (unless you write that app too).
> 3) allocates storage chunks (DmNewHandle) until it can't allocate any
> more, zeroing each chunk.
> 4) repeat for dynamic heap chunks (MemPtrNew)
> 5) cold boot again
> This will effectively write over every byte in RAM. Here's my
> reasoning: Booting re-writes the low memory globals. Initing the
> dynamic heap re-writes the heap headers.
Assuming you don't have blocks of "reserved" memory that won't get
rewritten in the process. One easy test might be to simply grab a large
amount on the stack, say 8K (or whatever Palm says the size should be),
write/check for a string just above that, then go through the process and
see if it is still there.
You have to wipe the entire stack too...
> Running the OS re-writes areas of the heap it uses. Your loops that
> allocate and zero will write over the rest of memory. Cold booting
> again erases your app and will delete all those storage heap chunks you
> allocated with DmNewHandle.
Is it possible to have insufficient memory to create a new heap header, so
that you can't DmNewHandle, but there would be a section of memory
untouched?
And I think this would apply to the dynamic heap.
> This doesn't *zero* all memory, but that shouldn't be so important. The
> important thing is that only known software (the OS and your app) has
> written to memory, and that every byte in memory has been overwritten.
If this can be done, then every *free* byte could also be overwritten,
which would help.
The problem I have with the architecture is I can't *prove* every byte of
memory is wiped. It would be helpful if the coldboot-clear memory would
actually zero all of memory as part of the clear, and it shouldn't take
that long (I would guess about 1/2 Mb/sec depending on wait states - lp:
moveq.l #0,(a1)+; dbf d0,lp; dbf d1,lp; and you can see why I would
like a 68EC010 core).
> Repeat as many times as necessary. I think that would satisfy any normal
> security professional, though maybe not Colonel Flag.
Or Colonel Sanders - if he was worried about his original recipe.
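
The question raised above, whether allocate-and-zero can stop while a fragment too small for another chunk header is still untouched, can be checked on a toy model. This is an added example, not part of the original message: the bump allocator, the 8-byte header, the arena size and the 0xA5 canary are all assumptions and do not model the real Palm OS memory manager.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 4096u   /* constructed: toy heap size */
#define HDR_SIZE   8u      /* assumed per-chunk header size */
#define CANARY     0xA5u   /* stands in for old, sensitive data */

static uint8_t arena[ARENA_SIZE];
static size_t  arena_top;  /* next free offset (bump allocator) */

/* Toy allocator: writes a header, returns the payload, NULL when full. */
static uint8_t *toy_alloc(size_t n) {
    if (n == 0 || arena_top + HDR_SIZE + n > ARENA_SIZE) return NULL;
    uint8_t *hdr = arena + arena_top;
    memset(hdr, 0, HDR_SIZE);
    hdr[0] = (uint8_t)(n >> 8); hdr[1] = (uint8_t)n;   /* size field */
    arena_top += HDR_SIZE + n;
    return hdr + HDR_SIZE;
}

/* Allocate-and-zero until no chunk of min_chunk bytes fits, halving the
   request on failure. Returns the count of bytes still holding CANARY. */
size_t wipe_and_count_residue(size_t first_chunk, size_t min_chunk) {
    memset(arena, CANARY, ARENA_SIZE);   /* the "previous owner's" data */
    arena_top = 0;
    size_t want = first_chunk;
    while (want > 0 && want >= min_chunk) {
        uint8_t *p = toy_alloc(want);
        if (p) memset(p, 0, want);       /* zero the chunk we were given */
        else   want /= 2;                /* retry with a smaller chunk */
    }
    size_t residue = 0;                  /* scan for surviving old data */
    for (size_t i = 0; i < ARENA_SIZE; i++)
        if (arena[i] == CANARY) residue++;
    return residue;
}

int main(void) {
    printf("min chunk 16: %zu bytes untouched\n", wipe_and_count_residue(1000, 16));
    printf("min chunk  1: %zu bytes untouched\n", wipe_and_count_residue(1000, 1));
    return 0;
}
```

Even when the loop retries down to 1-byte requests, the tail that cannot hold a header plus one byte keeps its old contents in this model.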