Top
Best
New

Posted by IngoBlechschmid 4 hours ago

Since Linux 6.9, LUKS suspend stopped wiping disk-encryption keys from memory(mathstodon.xyz)
242 points | 119 commentspage 2
deng 3 hours ago|
> Except that, for more than two years, the encryption key remained resident in memory across suspend, leaving it there for the taking by anyone who seized the still-powered laptop.

I don't get it. Obviously, the laptop is locked when it resumes, how is that key "for the taking by anyone"? I'm not saying it is impossible to read out RAM from a locked laptop, but surely not by "anyone".

jakewins 2 hours ago||
There are attacks that allow dumping RAM if the device is powered on though and you have physical access. Depending on config it may be very easy (just plug in a dumper over Thunderbolt on USB C and do direct memory access) or hard (freeze and swap physical RAM to an unlocked machine).. but the idea was defense-in-depth here; a well configured device should both be hard to dump RAM on and it should not give encryption keys if an attacker succeeds.
nicce 3 hours ago|||
Anyone with physical access. I think it is understandable from the phrase.

There is a common misconception about how lock-screens in general work - they usually just prevents using the current hardware and software as it is to access the current OS. But the disk encryption is the main thing that prevents modification and other kind of access to actual data. And if the disk encryption key is lying in the memory, then effectively, the disk encryption is bypassed if someone can access the machine physically and assuming that there are no sufficient tampering protections in place for that machine.

acdha 2 hours ago|||
Anyone with physical access, significant tools, and experience. The FBI has people who can pull data out of memory after freezing the RAM but the average laptop thief doesn’t so how serious this is depends significantly on your threat model. If you’re not a major criminal, bitcoin whale, or intelligence target this is almost certainly academic.
bluebarbet 17 minutes ago|||
While that is true, the fact is that encryption is technically useless for anyone who is not constantly powering off and on, which is surely a bunch of people. That this is not widely understood is IMO a problem. And excellent reason for Debian's feature.
deng 2 hours ago|||
> If you’re not a major criminal, bitcoin whale, or intelligence target this is almost certainly academic.

Thanks, that's what I thought.

deng 2 hours ago|||
> Anyone with physical access. I think it is understandable from the phrase.

Sorry, I'm probably dense, I still don't get it. You steal a laptop, you open it, the screen is locked with a password/fingerprint whatever. How do you read out the RAM from that laptop?

IngoBlechschmid 2 hours ago|||
Several options. One is you restart and boot from a live system where you are root, and then dump all memory. This is described in the paper with the witty title "Lest We Remember: Cold Boot Attacks on Encryption Keys":

https://www.usenix.org/legacy/event/sec08/tech/full_papers/h...

Other options: DMA attacks. Also you never know what the Intel Management Engine hidden in your computer is doing. It's running a version of Minix you don't have any control over, and it has full access to memory.

john_strinlai 2 hours ago|||
>How do you read out the RAM from that laptop?

the term to look up is "cold boot attack" (https://en.wikipedia.org/wiki/Cold_boot_attack).

tons of cool live demonstrations of how it works on youtube if you've got the 20-40 minutes to spare

deng 2 hours ago||
Still, this is a pretty crazy definition of "anyone".
saidnooneever 2 hours ago||
you dump the physical memory, then decrypt the disk offline
quotemstr 2 hours ago||
It's because of vulnerabilities like this that I enable Intel's "total memory encryption" feature. No plaintext leaves the CPU package. DIMM swap attacks become useless. Moreover, it's basically free: the cryptography happens directly in the memory controller, in hardware, inline with the bus transactions the CPU is doing anyway.
fsckboy 1 hour ago|
I don't see how that solves this problem. there is a string in memory that gets saved on suspend. that string when read by the CPU has the same properties it had before. if the CPU is using rot-13, the string is still rot-13 and the attacker doesn't need to spend the compute needed to crack rot-13, the CPU will simply do that as normal.
quotemstr 1 hour ago||
How do you see an attacker obtaining the key from memory if not by some kind of cold boot attack or memory swap? Encryption defeats these attacks. An attacker who can read kernel memory via software is 90% of the way to beating you anyway.
panny 3 hours ago||
[flagged]
palata 3 hours ago||
And I don't use GUIs, but it doesn't mean I have to be a jerk to people who are happy when their GUI gets better :-).
panny 3 hours ago||
Suggesting I'm an exotic animal for being budget and environmentally friendly is being a jerk too.
ekunazanu 3 hours ago|||
> That's a you problem. I shutdown my machine when I'm not using it.

"We designed the antennas correctly, you're holding the phone the wrong way."

adontz 3 hours ago|||
It's not a good analogy. Something is still on in suspend. Good you can control Linux kernel, but what about all other chips which may be an attack vector?
1718627440 3 hours ago|||
Except shutting down and hibernate are two actions the user can literally select from the same menu.
bwat49 3 hours ago|||
I shutdown mine too but only because suspend is still a crapshoot on linux
jchw 3 hours ago||
There will always be more suspend/resume bugs to work through. It varies a lot per device. I feel it's necessary to paint the picture for people who are curious what it means for it to be a crapshoot, so indulge me while I share my experiences.

For work I have a ThinkPad T16 Gen 4 with the newer AMD gfx1151 iGPU. Works great. I have yet to witness any issues with suspend/resume. I suspect this is the case because it is running Ubuntu with Lenovo's own support package. Theoretically, from firmware to kernel, this is all tested and validated by Lenovo, like what certainly happens with every Windows laptop and all of the components that go into them.

I also have a gen 1 Framework 16. I have seen it crash on suspend, but it is pretty rare, so I've just shrugged it off for now. It would be hard to debug, I don't see it every month despite using the thing every day.

All of my desktops currently have perfectly reliable suspend resume, you can slam it all day and all night. The last time I ran into issues was a use-after-free issue in AMDGPU. Pretty alarming, although to be clear it never hit any LTS or vendor kernels that I am aware of. I hit it because I prefer to run the latest kernel on my personal machines.

I have certainly owned laptops where suspend basically didn't work, or it would not stay suspended. I think this mainly went away when I started specifically picking laptops for Linux support.

For Intel iGPUs and dGPUs, the track record has been flawless for me. I have a few of the new Battlemage cards that default to the xe kernel driver and those have been working very well as expected. So that's nice.

I don't think this situation will be fixed until more hardware vendors are taking part in validating their stuff on desktop Linux and keeping track of the kernels. The current Linux model seems to be just dealing with whatever the vendors crap out for Windows, often full of weird ACPI behaviors and buggy firmware. It's not to say that the fault of the problems don't often lie with code in the Linux kernel, but they do not seem to wish to be bug-compatible with Windows and I think that is perfectly reasonable, so for problems that come from essentially broken firmware, it simply is going to need vendors to actually fix their shit.

(And that includes AMD. The drivers are good in some regards, but it's hard to ignore AMD's stability issues even still. At this rate, more of the long outstanding AMD driver issues will get resolved by Claude than AMD engineers... Like with Panel Self Refresh on 7040 iGPU, apparently.)

codedokode 3 hours ago||
I am too lazy for that, and I hate that after boot you need to launch everything again.
IngoBlechschmid 3 hours ago|||
Suspend to (encrypted) swap might be a good middle ground between you and grandparent. Suspend to memory will (at best) protect your LUKS volume key, but other sensitive data remains.

A couple of years ago, three security researchers from the TU Munich implemented a prototype for also encrypting (most) parts of the memory just before suspend, to address this limitation; but as far as I know, it was not upstreamed or developed further: https://www.sec.in.tum.de/i20/publications/fridgelock-preven...

1718627440 3 hours ago|||
You can usually change that in the settings of the Desktop environment.
codedokode 3 hours ago||
There is no universal support for restoring state between the apps. For example, Terminal won't run the scripts that were running, the browser will not automatically restore the pages etc, some apps might not launch or launch with wrong state.

Gnome desktop environment cannot even remember the position and size of console windows, you are expecting too much.

naturalmovement 3 hours ago|
Definitely not a symptom of Linux being a hodgepodge of code thrown together from a thousand different sources and no one person could tell you how it all fits.
cevn 3 hours ago||
Bugs happen in all code. The difference is, anyone can fix stuff in open source. Closed source bugs are out of control and must be worked around. Usually by switching to OSS
stackghost 3 hours ago|||
Of course it's (indirectly) a symptom of that.

What's the alternative? Proprietary closed-source operating systems owned by corps who can be compelled to insert covert backdoors?

If BSD was as popular as Linux it would have the exact same problems.

steve918 3 hours ago|||
I wonder if you think other OSes are any different?

TempleOS is the only thing that comes to mind that doesn't fit your description and it's not practically useful.

Any sufficiently large codebase is a mix of ideas and concepts implemented by different people with different priorities over a large timespan and if you can fit the entire thing in your head it's not very interesting or complex.

IngoBlechschmid 3 hours ago|||
Qubes OS, the Linux distribution aspiring to offer a reasonably secure operating system, pioneering a "every app runs in a virtual machine" approach in the Linux laptop/desktop space, tracks this at the following issue:

https://github.com/QubesOS/qubes-issues/issues/2890

saidnooneever 2 hours ago||
QubesOS is Xen based. Not Linux.
naturalmovement 3 hours ago|||
The *BSDs, Mac, and Windows all keep critical code in the same tree as the OS.

Something like disk encryption would be immediately visible.

So you don't have this mess of 80 different distros with 60 different versions of systemd, 20 that don't use it, a million kernel versions and it's all thrown together in a Costco-sized trash bag and we call the output "Linux".

yaris 3 hours ago|||
In my experience any software system (not just operating system) after crossing a certain limit on complexity and age looks exactly as hodgepodge of code pieces thrown together, sometimes from different sources even if developed by one org. All major OSs have long crossed those limits, I believe.
brainwad 2 hours ago|||
Windows for ages did not really keep all the code in one repo. There were like a dozen parallel repos for e.g. the shell, kernel, IE, etc. Also every feature was developed on team-level branches; integrating all those branches often caused unexpected bugs.
dist-epoch 2 hours ago||
"Mythos, find me a bug in LUKS. I know there is one in there".