[Cryptech Tech] Status tamper detection and MKM erasure

Warren Kumari warren at kumari.net
Fri Jun 10 16:45:35 UTC 2016


On Fri, Jun 10, 2016 at 10:21 AM, Linus Nordberg <linus at nordberg.se> wrote:
> Linus Nordberg <linus at nordberg.se> wrote
> Wed, 18 May 2016 12:52:15 +0200:
>
>> Next up is lowering power consumption in idle mode (disable unused
>> functions, use interrupts instead of busy-looping) and speed up erasure
>> (write in "sequential mode") and implementing some kind of POST function
>> in collaboration with the FPGA and the ARM.
>
> I just pushed some code to user/ln5/tamper. From commit message:
>
>     Do wipe MKM when tamper is detected, sleep when not.
>
>     Writing the MKM in "sequential mode" (a.k.a. "burst") but still
>     busy-waiting for confirmation of SPI write operation being done.
>     Would using an interrupt be faster?
>
>     Sleeping is done in "power down mode". There are less sleepy modes
>     which presumably consume more power but might wake up quicker. A good
>     start would be to figure out how long it takes to wake up from
>     power down.
>
> It'd be great if the FPGA could verify that the MKM is indeed full of
> zeroes after the button has been pressed. Joachim?

I hope I'm not re-litigating something which has already been settled,
but *should* the MKM really be full of zeros after the button has been
pressed?

There continues to be progress in the "cold boot" attacks -- e.g.:
https://nullcon.net/website/archives/ppt/goa-15/cold-boot-attack-on-ddr2-and-ddr3-ram.pdf
and "Lest we forget: Cold-boot attacks on scrambled DDR3 memory" -
https://www.dfrws.org/2016eu/proceedings/DFRWS-EU-2016-7.pdf
Should the tamper overwrite MKM with all zeros then all ones N times,
and then spend some time overwriting with random data (M times)? Or
are we sure that the MKM has no remanence effects?

If this has already been discussed and dismissed (I kind of remember
some discussion) I'm fine to be told so...


W





-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
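A sketch of the overwrite sequence Warren proposes (zeros/ones N times, random data M times, then a final zero pass that the FPGA can verify), as an added C example that is not Cryptech code: the MKM here is a constructed in-memory stand-in for the SPI key memory, the read/write hooks are hypothetical, and the xorshift PRNG is a placeholder for the board's hardware RNG.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed stand-in for the MKM. On the real board the key memory is
 * reached over SPI; here it is a volatile buffer so the compiler cannot
 * drop the "redundant" overwrite passes. */
#define MKM_SIZE 1024
static volatile uint8_t mkm[MKM_SIZE];

/* Hypothetical SPI hooks: a real driver would issue the sequential-mode
 * write here and wait for completion. */
static void mkm_write(size_t off, uint8_t v) { mkm[off] = v; }
static uint8_t mkm_read(size_t off) { return mkm[off]; }

static void fill_pattern(uint8_t pattern) {
    for (size_t i = 0; i < MKM_SIZE; i++) mkm_write(i, pattern);
}

/* Placeholder PRNG (xorshift32). Only pattern variety matters for the
 * overwrite; a real tamper wipe should take bytes from the hardware RNG. */
static uint32_t prng_state = 0x2545F491u;
static uint8_t prng_byte(void) {
    uint32_t x = prng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    prng_state = x;
    return (uint8_t)x;
}

static void fill_random(void) {
    for (size_t i = 0; i < MKM_SIZE; i++) mkm_write(i, prng_byte());
}

/* The check the FPGA would perform after the button press: every byte
 * reads back as zero. Accumulating with OR keeps the scan branch-free. */
bool mkm_is_all_zero(void) {
    uint8_t acc = 0;
    for (size_t i = 0; i < MKM_SIZE; i++) acc |= mkm_read(i);
    return acc == 0;
}

/* Tamper response: n alternating 0x00/0xFF passes, m random passes, then a
 * final zero pass so the all-zero check holds. Returns passes written. */
int mkm_tamper_wipe(int n, int m) {
    int passes = 0;
    for (int i = 0; i < n; i++) { fill_pattern(0x00); fill_pattern(0xFF); passes += 2; }
    for (int i = 0; i < m; i++) { fill_random(); passes++; }
    fill_pattern(0x00); passes++;
    return passes;
}
```

Whether the extra passes help at all depends on the remanence behaviour of the actual memory part, which is exactly the open question in the thread.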

