I'm trying to implement the Memory Erasure feature from Tails on my Ubuntu 11.10 machine. The documentation is here: https://tails.boum.org/contribute/design/memory_erasure/ This works on a Debian build (TAILS). My question is how can I implement this on Ubuntu? I can't get kexec to execute the new kernel (memory wipe kernel), it just shuts down normally. Anyone here have experience with kexec? The reason I would like this is for my company's laptops. They all use Ubuntu 11.10 (hardened) and LUKS encryption. I realize a cold boot attack is mostly impractical but I don't want to risk it when these laptops will be out in the field. Thanks for any help!
RAM does not keep any info when you shut down. Even if someone poured liquid nitrogen on your laptop, it would not make any difference. In the worst case, just remove the battery, but even that is completely and utterly unnecessary. Mrk
Check this out: https://freedom-to-tinker.com/blog/felten/new-research-result-cold-boot-attacks-disk-encryption. There is a window of time when memory chips contain data after a cold boot (hitting the reset button or power cycling without shutting the OS down). Of course, if an attacker has physical access there is also more they can do, such as take disk images and brute-force decrypt at their pleasure, possibly even install a malicious BIOS. Cheers, Nick.
Brute forcing would take too long with a strong password. Infected BIOS, yes (not that I would use a machine that was taken and given back to me). That said, more or less I'm just interested in seeing if it would work or not. I don't know why it won't work on my system even though I followed every guide on kexec I can find. I should have titled this "how to use kexec" to be more accurate. This is just what I happened to be playing with. Not to mention it doesn't hurt to have such a system in place. It takes ~3 seconds to wipe RAM on my system, whereas memory takes about 30-90 seconds to completely fade from RAM. The colder the room, the slower it fades.
Hi x942, What I would do is the following:
0) Load a spare laptop with your company's distribution.
1) Read the documentation from the TAILS memory erasure web page and make a list of all of the scripts and modifications mentioned.
2) Boot the latest TAILS via USB on your company's spare laptop, and save each of those TAILS scripts, etc. on the hard drive in a separate modification directory that is not part of the boot sequence.
3) Modify each of the scripts to be compatible with the laptop's boot and shutdown sequences, and save them so that you can switch between original vs. modified versions to test them out on both reboot and shutdown sequences. To do the switching, you will have to create a script to back up and restore each version, i.e. original vs. modified.
4) Test, modify, test, modify, ... until it validates and verifies to work just like the TAILS shutdown and boot sequences under Ubuntu 11.10.
Since Ubuntu 11.10 does not come with the GNOME environment by default, hopefully your secured laptops have it implemented (rather than using the default Unity environment). -- Tom
Thanks! I do have the scripts from their site and now from the live environment as well. I did some research on kexec (which I've never needed to use before) and it calls the scripts now. Everything is working except the wipe kernel never powers down after wiping RAM. I will have to look into it. The distros are using XFCE for simplicity and speed.
Hi x942, With regard to the wipe kernel never powering down after wiping RAM:
1) I have noticed in TAILS that sometimes it takes longer to power down than at other times, so I just walk away from my computer after activating shutdown to the point where it says you can remove the boot device (USB in my case), and come back later (10-15 minutes) to check on its progress. If it has not powered down by then, it may have just gotten stuck somewhere waiting for something to happen that has either already happened, or never will happen due to some condition that prevents it. Then I manually power down by holding the power button in for ~5 seconds.
2) How sure are you it has finished wiping RAM, i.e. on the basis of what evidence? -- Tom
1) Never had that issue. Maybe it's the hardware I'm using right now. 2) I left it for 20 min. It should have finished.