How does Secure Boot prevent memory remanence attacks?

  • Question

  • This article says that you should either disable all external boot devices or use secure boot to prevent or mitigate memory remanence attacks.

    This type of attack roughly works as follows:

    1. First, boot the BitLocker protected system partition, which is configured in the "TPM Only" mode. It decrypts the partition and stores the encryption key in memory.
    2. Reboot to an external boot device like a USB stick and dump the memory to look for the key. This is sometimes possible because rebooting the machine does not instantly and completely clear the RAM. The data in memory might persist for a little while and even longer if you cool it a lot.

    It's obvious how disabling external boot devices and protecting the BIOS with a password helps. You'd have to remove the memory modules and read them from a different system, which is a lot harder and has a lower chance of success.

    However, I don't completely understand how secure boot helps. The part I know is that secure boot prevents you from booting an arbitrary boot loader because it only allows booting of known boot loaders with valid signatures. But what prevents you from booting a "trusted" Windows PE and then running a memory dump from there?

    Tuesday, November 28, 2017 6:44 PM

All replies

  • Look at this article for more information.

    Direct Memory Access Attacks

    https://technet.microsoft.com/en-us/library/dn632182%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 29, 2017 6:18 AM
    Moderator
  • As you say, when someone finds your computer turned on and freezes the RAM and removes it, he won't care for any local secure boot settings. Secure boot makes it a little harder but not impossible to boot something that will read out the RAM, since booting Windows Setup (and with it, WinPE) and also another Windows installation from different hard disks is still possible. If you use a BIOS password, you can prevent changing the boot options, that is always a good thing. Some BIOSes will not completely reset even when you use the mainboard jumper: the boot order is kept, so no one could tamper with the boot settings just like that.

    Still: if you want high security, never leave your computer turned on and unattended in untrusted environments and also use a startup PIN.

    Wednesday, November 29, 2017 1:17 PM
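The reply above recommends a startup PIN on top of the TPM. The following script is an added example for checking where a machine stands on that advice; it is not code from the thread or from Microsoft. It uses the built-in BitLocker and SecureBoot PowerShell modules (Confirm-SecureBootUEFI, Get-BitLockerVolume, Add-BitLockerKeyProtector, Remove-BitLockerKeyProtector), must run from an elevated prompt, and the -AddPin switch is this script's own. It reports whether the OS drive is in the "TPM Only" configuration the question describes and whether Secure Boot is enabled, and optionally moves the drive to TPM+PIN. Assumed: a recovery password protector already exists before the TPM-only protector is removed, and Group Policy permits TPM+PIN.

```powershell
# Added audit script (not from the thread): is this machine relying on TPM-only BitLocker,
# and is Secure Boot on? Run elevated. -AddPin is a switch defined by this script.
[CmdletBinding()]
param(
    [switch]$AddPin   # replace the TPM-only protector on the OS drive with TPM+PIN
)

# Secure Boot state. Confirm-SecureBootUEFI throws on legacy BIOS firmware.
try {
    $secureBoot = Confirm-SecureBootUEFI
} catch {
    $secureBoot = $false
    Write-Warning "Secure Boot not available (legacy BIOS or unsupported firmware): $_"
}

$osDrive = $env:SystemDrive
$vol     = Get-BitLockerVolume -MountPoint $osDrive
$types   = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

# "TPM Only" means a plain Tpm protector with no PIN or startup-key variant beside it.
$pinBacked = $types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' }
$tpmOnly   = ($types -contains 'Tpm') -and (-not $pinBacked)

[pscustomobject]@{
    MountPoint       = $osDrive
    ProtectionStatus = $vol.ProtectionStatus
    SecureBoot       = $secureBoot
    KeyProtectors    = ($types -join ', ')
    TpmOnly          = $tpmOnly
    HasRecoveryPwd   = ($types -contains 'RecoveryPassword')
} | Format-List

if (-not $AddPin) { return }
if (-not $tpmOnly) {
    Write-Host "OS drive is not TPM-only; nothing to change."
    return
}
if ($types -notcontains 'RecoveryPassword') {
    # Never drop the only unlock path; back up a recovery password first.
    throw "No recovery password protector on $osDrive. Add and back one up before changing protectors."
}

# Add TPM+PIN first, then remove the TPM-only protector so the drive is never left unprotected.
$pin = Read-Host -Prompt 'Enter new startup PIN' -AsSecureString
Add-BitLockerKeyProtector -MountPoint $osDrive -TpmAndPinProtector -Pin $pin | Out-Null

$tpmProtector = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' }
Remove-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $tpmProtector.KeyProtectorId | Out-Null

Write-Host "OS drive now requires the TPM plus a PIN at startup."
```

With a PIN in place the key is never released into RAM by the TPM until someone types it, so the "boot and dump memory" sequence from the question no longer starts from a state where the key is present; the script's read-only mode is the part worth running across a fleet to find drives still in TPM-only mode.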
  • A reset of the BIOS should not be an issue because BitLocker would refuse to decrypt the disk and prompt for a recovery key. Microsoft recommends the TPM only configuration for most cases because it is more user friendly and they claim it's also quite secure, whatever that means.

    The issue with disabling other boot options is that you need them most of the time. At work we need PXE boot for the automated (re-)installation of devices. We also need USB boot enabled because modern notebooks often don't even have an integrated Ethernet adapter. PXE booting over the USB-C docking station requires USB boot enabled. I'm not sure if that's how it's supposed to be or a bug with our HP devices, though.

    I'm just trying to figure out the technical reasons behind the claim that Secure Boot helps against memory remanence attacks. I've found one possible explanation in this video:

    https://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/WIN-B314/player#time=38m18s

    He explains how you could boot a very small Linux kernel and dump the memory. At around 38:18 he claims that this doesn't work with Secure Boot because "the only supported Linux kernel is so big that it just doesn't work". Windows PE would of course be even bigger.
    However, I still don't understand why it's so unlikely to find the secure boot key still in memory if you overwrite a few hundred MB of the RAM with the running OS when computers often have 8 GB or more memory. You could repeat that process several times in a TPM Only configuration. I assume RAM is used randomly and it's not like the secure boot key is always "at the beginning" and gets overwritten first.


    • Edited by Bef Thursday, November 30, 2017 3:25 PM
    Thursday, November 30, 2017 3:09 PM
  • Look at this article for more information.

    Direct Memory Access Attacks

    https://technet.microsoft.com/en-us/library/dn632182%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    My question was about memory remanence attacks, not DMA attacks. I've already read that article, actually. Unfortunately the part about memory remanence and cold boot attacks doesn't answer my question either. They also claim that UEFI Secure Boot helps, but the only explanation they give is that you couldn't use that particular tool used by the researchers from Princeton University. But what if they ran their tool from a Windows PE?
    Thursday, November 30, 2017 3:19 PM
  • "A reset of the BIOS should not be an issue because BitLocker would refuse to decrypt the disk and prompt for a recovery key" - no, wrong. If you return to the same BIOS settings as before the reset in terms of secure boot settings and UEFI/non-UEFI usage, it will NOT ask for the recovery key. I tested that on different hardware.

    "I assume RAM is used randomly and it's not like the secure boot key is always "at the beginning" and gets overwritten first." - that is the question. Question is, would a Windows setup disk or even a different Windows installation booted off another disk overwrite that. I don't know and I haven't used tools that look for a key in memory.

    Thursday, November 30, 2017 3:59 PM