Soldered on ram to prevent cold boot attacks

Hardware
1

can you start shipping laptops with the ram soldered onto the motherboard? is this already the case with any of your hardware?

one method of cold boot attack is physically removing the memory, possibly using an air can to freeze it first. soldering the ram onto the motherboard prevents this, or at least makes it difficult. combine that with a password protected bios, and its hard to do this.

the attacker is left with physically opening up your laptop and using jtag, which i hope is not possible with purism hardware.

the threat here is an attacker that wants your data, and may not care if you know it was stolen.

this also helps on the tamper evidence side because then its safer to keep it on and see if whats behind the lock screen changed.

ive put epoxy over the connectors on ddr3 ram and it seemed to work ok, but that was an old laptop that started flaking out some time after. dont know if the epoxy had anything to do with it.

1 Like
2

Why don’t you simply turn your computer off when it is unattended? :slight_smile:

Joke asside, I’ve found at least two really good thoughts about credibility of this attack:

https://freedom-to-tinker.com/2008/02/21/new-research-result-cold-boot-attacks-disk-encryption/#comment-12811
https://freedom-to-tinker.com/2008/02/21/new-research-result-cold-boot-attacks-disk-encryption/#comment-12812

3

theres also the evil maid, the “new hire” who stopped at your desk while you were at the bathroom, and those times you want to use your hardware, but dont want to expose the encryption key by typing it in.

in the simplest example, you decrypt, go fix your customers router, then turn it off. given that self encrypting drives have many similar issues, https://www1.cs.fau.de/sed , might as well use software where can verify its design and how well it works. even if you use an sed, there may be other sensitive data in ram.

could go on, but in short, its a win with little loss. motherboards and ram have gotten pretty reliable so the chance of the ram breaking on its own is low. at least with macbooks.

4

Personally, soldered ram wouldn’t be something I’d want.
I like having the option to upgrade/add more RAM.
Just my two cents worth.

1 Like
5

purism laptops are meant to be security focused. cold boot attacks are a real threat. if they dont concern you, there are other vendors and models.

this is unlikely for any vendor, except dell or apple who really do design their own laptops instead of just choosing parts to put them together. i doubt purism has the resources, but this is the only company i can think of that would. besides apple, of course, but they don’t have purisms other advantages.