Cache-as-RAM for mitigating Cold-boot attacks


By: doodle

Computer memory is no longer an impregnable bastion. Should the encryption key be enabled with the computer system?

Recently, Peter Stuge introduced an open-source BIOS called "coreboot". Coreboot uses a little-known CPU configuration that makes the CPU cache appear as normal RAM (to the CPU). Peter said that "Cache-as-RAM" will be the basis for defending against cold-boot attacks. The cold-boot attack is considered an effective method for attacking full-disk encryption solutions.

The security advantage of the CPU cache is that it is not prone to cold-boot attacks: the cache is usually reset by the CPU during initialization, so moving all the encryption information from RAM into the CPU cache defeats the cold-boot attack.

However, using the CPU cache as secure memory has a major drawback: it seriously reduces system performance. What is the impact on performance? During the first test, I was totally unable to respond. I thought the computer had crashed. After a few seconds, I realized that the computer had not crashed, but the response was very slow.

Solving the performance problem is an urgent issue at the proof-of-concept (POC) stage. Experts said that one way to reduce the performance impact is to activate "Cache-as-RAM" mode only when security is required, that is, when the screen is locked. The user then sees no performance impact while working. When the computer system is not in use, and may therefore be subject to unauthorized physical access, security can be ensured.

The research concept is simple and may even seem a little trivial, but to defend against attacks you must pay attention to the details. You cannot move only the encryption key to the CPU cache, because other encryption-related data may still be in unprotected RAM. For example, the operating system buffers used to encrypt and decrypt disk data should also be moved to the CPU cache to avoid plaintext attacks on the encryption key.

 
