Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757040AbZJCUhH (ORCPT ); Sat, 3 Oct 2009 16:37:07 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1756571AbZJCUhG (ORCPT ); Sat, 3 Oct 2009 16:37:06 -0400 Received: from out1.smtp.messagingengine.com ([66.111.4.25]:47138 "EHLO out1.smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753875AbZJCUhE (ORCPT ); Sat, 3 Oct 2009 16:37:04 -0400 X-Sasl-enc: 1iquIhpBjbVRLQLXOSl1po8oe4I+mJLQeM1ARkM2KL7r 1254602186 Date: Sat, 3 Oct 2009 17:36:20 -0300 From: Henrique de Moraes Holschuh To: Pavel Machek Cc: "Wang, Shane" , Arjan van de Ven , "H. Peter Anvin" , "Rafael J. Wysocki" , Linus Torvalds , Linux Kernel Mailing List , Ingo Molnar , Thomas Gleixner , "Cihula, Joseph" Subject: Re: [GIT PULL] x86/txt for v2.6.32 Message-ID: <20091003203619.GA27182@khazad-dum.debian.net> References: <200909282307.56190.rjw@sisk.pl> <4AC1267D.6020405@zytor.com> <20090928211745.GA2119@elf.ucw.cz> <4AC1AA61.8070408@intel.com> <20090929171318.GC14405@elf.ucw.cz> <20090929191951.18315e94@infradead.org> <037F493892196B458CD3E193E8EBAD4F01ED9FE3B1@pdsmsx502.ccr.corp.intel.com> <20090930065448.GB11652@elf.ucw.cz> <037F493892196B458CD3E193E8EBAD4F01ED9FE6E3@pdsmsx502.ccr.corp.intel.com> <20091003201959.GA16047@elf.ucw.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20091003201959.GA16047@elf.ucw.cz> X-GPG-Fingerprint: 1024D/1CDB0FE3 5422 5C61 F6B7 06FB 7E04 3738 EE25 DE3F 1CDB 0FE3 User-Agent: Mutt/1.5.20 (2009-06-14) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1264 Lines: 29 On Sat, 03 Oct 2009, Pavel Machek wrote: > On Sat 2009-10-03 01:02:52, Wang, Shane wrote: > > > So I modify the RAM content so that BIOS does not think measured > > > environment existed before suspend? > > > Pavel > > > > Hi Pavel, what do you mean on this question? > > When do you modify the RAM? before S3 sleep? > > During the sleep, using something cold and second machine. And it is ridiculously easy to pull off, too: http://www.engadget.com/2008/02/21/cold-boot-disk-encryption-attack-is-shockingly-effective/ Shows the attack being used to read sensitive keys, but you can use it also to *modify* system running state (it will be more difficult, as you need to remove and replace the RAM while on S3 instead of S5, but it should be doable by someone who knows what he is doing). -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/