Layman’s article: https://cacm.acm.org/research-highlights/technical-perspecti...
Also seems like ACM republished the author’s paper from 2022? https://dl.acm.org/doi/pdf/10.1145/3503222.3507710
My summary:
DRAM is not a safe place to store your secrets due to cold boots, so it gets stored in SRAM (which includes registers and L1/L2 cache) instead.
Buuuuut, you might be able to dump SRAM across boots with this technique.
If I understand correctly: SRAM/cache/registers all require a lower voltage to maintain their state than the CPU requires to run.
So attach that intermediate voltage on the VCC pin closest to/running the SRAM and pull the plug on everything else. I guess they’re either not cross-connected internally or the choice of voltage stops that from being a problem. Just don’t let your voltage sag lower than required to maintain the SRAM.
Now your cache/registers/SRAM are maintained. Power up with JTAG or a custom/debugging bootrom/mode that hopefully doesn’t overwrite much/any and dump away.
> Our experiments across various devices reveal that hardware SRAM resets during boot are uncommon. Most boot with undefined SRAM states, persisting until overwritten by software.
Oops.
Makes sense: you might want to turn off the CPU but keep the SRAM/cache/etc running for hibernation, and that’s controlled externally for some reason (?)
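Since the paper's finding (quoted above) is that SRAM usually keeps its previous contents until software overwrites them, the defensive takeaway is that early startup code should clear every RAM region that may have held secrets before anything else runs. The following is an added illustration written for this thread, not code from the paper or from any vendor's boot ROM: a static array stands in for the chip's SRAM, the region map, sizes and leftover "key" bytes are constructed, and on real hardware the region bounds would come from the linker script (`_sbss`/`_ebss`, stack limits) rather than literal offsets.

```c
/* Added example: boot-time SRAM scrub with a post-scrub self-check.
 * Simulated with a static buffer; all offsets and contents are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIM_SRAM_SIZE 4096u

/* Stand-in for the chip's SRAM address space. */
static uint8_t sim_sram[SIM_SRAM_SIZE];

typedef struct { size_t start; size_t len; const char *name; } sram_region_t;

/* Constructed region map: stack, .bss, and a dedicated key buffer.
 * On a real part these would be linker-provided section bounds. */
static const sram_region_t regions[] = {
    { 0x000, 0x400, "stack"  },
    { 0x400, 0x800, "bss"    },
    { 0xC00, 0x040, "keybuf" },
};
#define NUM_REGIONS (sizeof regions / sizeof regions[0])

/* Overwrite through a volatile pointer and finish with a compiler barrier so
 * the stores cannot be dropped as "dead" (a plain memset on memory that is
 * never read again may legally be optimised away). */
static void secure_zero(volatile uint8_t *p, size_t n)
{
    while (n--) *p++ = 0;
    __asm__ __volatile__("" ::: "memory");
}

/* Returns 1 if every byte of [buf, buf+n) is zero (post-scrub self-check). */
int region_is_zero(const uint8_t *buf, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/* Simulate the retained state the paper describes: plant a constructed
 * 16-byte "key" (not a real key) in the key buffer and junk in the stack
 * region, as if the SRAM had kept its contents across the power cycle.
 * Returns 1 if the key buffer is now non-zero. */
int simulate_retained_state(void)
{
    static const uint8_t leftover_key[16] = {
        0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04,
        0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c };
    memcpy(&sim_sram[0xC00], leftover_key, sizeof leftover_key);
    for (size_t i = 0; i < 0x400; i++)
        sim_sram[i] = (uint8_t)(i * 7u + 1u);
    return !region_is_zero(&sim_sram[0xC00], 0x40);
}

/* Early-boot scrub: clear every listed region before .data is copied in or
 * any code that trusts RAM runs. Returns the number of regions cleared. */
size_t boot_scrub_sram(void)
{
    size_t cleared = 0;
    for (size_t r = 0; r < NUM_REGIONS; r++) {
        secure_zero(&sim_sram[regions[r].start], regions[r].len);
        cleared++;
    }
    return cleared;
}

/* Returns 1 if nothing survived in any listed region. */
int sram_is_clean(void)
{
    for (size_t r = 0; r < NUM_REGIONS; r++)
        if (!region_is_zero(&sim_sram[regions[r].start], regions[r].len))
            return 0;
    return 1;
}
```

The scrub has to run from the reset vector before the C runtime touches RAM, and the `volatile` write plus barrier is the part that matters: a scrub the optimiser silently removes gives exactly the "undefined SRAM state persisting until overwritten" that the paper observed.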
Physical access to these devices leads to a wide range of security exploits
Physical ownership = real ownership. That's how it's always been and should've stayed that way, if it weren't for the greedy megacorps. Valid exceptions to this level of paranoia are state secrets and other military-adjacent applications.
Playing devil's advocate, what are your security expectations when someone steals your device? Is it acceptable that they immediately gain control of all services available through it, such as your email address, bank accounts, and investment portfolios?
Legally they have no right to anything. Physically, they access whatever they access. That's how it's been forever. I don't get the point of the question.
What are you talking about? The scenario involves someone stealing from you. Do you think the legality of it is a dissuasion?
Also, OP's point was that "Physical ownership = real ownership."
> Physically, they access whatever they access. That's how it's been forever. I don't get the point of the question.
The whole point is that that's not the expectation or desire of every single person around you. Not one.
That's the fact you're not understanding. The ability to lock down a device and prevent unauthorized third parties from accessing it is a strong ask by everyone, not only "megacorps". The ability to track down a device and remotely pull a kill switch is sold as a premium feature by some manufacturers. Mobile operators have long had the ability to block cellphones by IMEI to prevent theft. A very popular product from one of the biggest companies in the world is a small tag that consumers can attach to their property to be able to find and recover it.
And in spite of all these facts, are we supposed to pretend no one wants to control access to their hardware to prevent unauthorized access from third parties?
You don't have "ownership" over something you stole. You have possession of it. Possession != ownership.
> The whole point is that that's not the expectation or desire of every single person around you. Not one.
Then you're misunderstanding what people are arguing. People want the owner to be the ultimate authority. The owner gets to encrypt what they like, expose what they like, track what they like, trust megacorp they like, etc. And if a thief steals the device, they get whatever they get as a result of the owner's decisions. Which could be all their data, or a visit from the local police, depending on how the owner prepared for it.
You need to develop your functional literacy skills because you clearly are failing to even understand the topics being discussed, let alone the arguments going either way.
What is wrong about the OPs arguments that suggests a failure of literacy on their part?
If you want a device that is locked down by the manufacturer so it only runs software they approve of, in the name of security, that is a tradeoff you should be allowed to make, and the free market is ready to accommodate your desire. Unfortunately, those of us who want the opposite are not so lucky currently.
Is it really impossible for you to see why some people have a problem with this situation persisting, and with comments like yours further normalizing it?
You seem to feel there is no benefit to this protection (from non-owners of the device), and that it instead protects the device from the owner. Would you care to expand on that?
Gualdrapo•12h ago
[0] https://www.youtube.com/watch?v=Tsk3zAZyLaQ
cycomanic•10h ago
davidw•7h ago
and I'm in the same boat. Or bike, as it were, what with hours of watching the Tour this month.
motorest•6h ago
https://news.ycombinator.com/item?id=44614837