What do people think of possible ways to prevent cold boot attacks for Qubes?
The Wikipedia article mentions UEFI secure boot to prevent an attacker from booting up a custom software environment to dump out the contents of main memory.
It also mentions RamCrypt and TRESOR, which encrypt data in memory and store the encryption key in the CPU registers.
It also mentions secure erasure of memory, saying:
“An effective secure erase feature would be that if power is interrupted, the RAM is wiped in the less than 300 ms before power is lost in conjunction with a secure BIOS and hard drive/SSD controller that encrypts data on the M-2 and SATAx ports. If the RAM itself contained no serial presence or other data and the timings were stored in the BIOS with some form of failsafe requiring a hardware key to change them, it would be nearly impossible to recover any data.”
Has Qubes implemented any of these mitigations, or is it working on them?
How about the Insurgo certified laptop?
I’ve also seen conflicting information about which RAM wipes its memory quicker than others, with some saying DDR3 isn’t that susceptible to a cold boot attack, and others saying it is and DDR4 or DDR5 wipes RAM quicker.
Thanks for the help