Cold boot attack on Qubes OS

A running Qubes OS system is vulnerable to Cold boot attack - Wikipedia

A successful cold boot attack gives the adversary access to all data on disk. Full disk encryption will be useless. The attacker can read sensitive data in RAM too, so even a live OS could be vulnerable.

For instance, if you leave the system unattended for a moment, one adversary could keep you in check while another performs a cold boot attack. Perhaps a logical step in a world where people use full disk encryption and live OS.

A mitigation is to glue the RAM onto the motherboard and use UEFI secure boot to prevent RAM dumps. Tails tries to prevent the attack by writing random data to RAM on shutdown, and there are patches for the Linux kernel, RamCrypt and TRESOR, which encrypt RAM with a key stored in CPU registers.

Any ideas on how we can defend our Qubes from the cold boot attack?

AMD’s Zen architectures feature “Secure Memory Encryption”. As far as I know the Xen Project has implemented this feature, which you can enable through your BIOS or a kernel parameter.

In case you trust AMD that proper cryptography is used, this is something that you could consider.

I don’t think this will go far by itself.
The best is to have an option in the BIOS; anything OS-level is subject to change in the future with a simple OS update for compatibility.

Anyway, pretty much each machine can successfully be hacked in this way.

well i mean tbh it’s not really worth the time if u ask me
with soldered on ram and a good enough of a ram…

the information decays pretty quickly

soldering on ram can be very problematic but it’s the best way to prevent cold boot attacks if u ask me

glue is well probably can be removed fairly easily… but i guess it depends on the glue

and the de-gluing agent
or very hard to remove which’d make the ram not very upgradable/repairable…
also cold boot attack
is literally “cold”

freezing the ram with air is a great way to keep the ram while u unscrew the computer and deglue/desolder the ram…
desoldering in the cold temperature is a bit harder but idk about glue

also an attacker who let’s say… snatches your laptop or burgles your apartment and gets your physical pc will have to again keep it cold and… to get your decryption key

i mean if let’s say a government or a criminal organization is targeting you… completely possible (but then u should have other issues to fear)

but other than that cold boot attacks aren’t really practical
also were never demonstrated outside of lab conditions
and with good enough of a ram…

just don’t worry about it

What do you mean with “and with good enough of a ram…”?

well what do u use basic ddr4 should do…
the faster newer rams lose information much faster offline
older gen like ddr2 are the worst and relatively in a very high risk for a cold boot attack

ddr5 are ideal
faster speeds and so on…