Re: Encrypted Swap

Adrian Cox (adrian@humboldt.co.uk)
Sat, 18 Aug 2001 09:51:49 +0100


Richard B. Johnson wrote:
> We've established no such thing. In fact, you can't properly initialize
> SDRAM memory without writing something to it.

After all of this theory it was time to do some experiments. I modified
the BIOS on my current PowerPC system to compare memory against a test
pattern (I chose 0x31415926 incrementing by 0x27182817) over the address
range 0x0 to 0x100000. This pattern has approximately 50% 1s and 50% 0s.

On pressing the reset button, I got 100% of bits holding the same value.
If I turn the power off for 20s, I get approximately 90% of bits holding
the same value. After a minute, it's dropped to the 50% level, which I
take as random.

For added fun, I then tried turning off, pulling out the DIMM, plugging
it into the other slot, and turning back on. 97% of the bits had the
original value. So one attack we must consider is the attacker removing
power, ripping the DIMM out, and plugging it into a special DIMM reading
device.

Your descriptions on how memory is started look very machine specific.
On mine (Motorola MPC107) I write the number of row bits, column bits,
and internal banks to the memory controller, along with the CAS latency.
I then set MEMGO, and the memory controller precharges each bank.

-- 
Adrian Cox   http://www.humboldt.co.uk/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/