Is the community interested in cold boot resistance?

Hello,

I have some simple ideas for improving defenses against cold boot attacks that I can present to the Qubes developers.

But, I’m just wondering if people actually care? The last time this was discussed in the forums was 2022. So, if I spend 4 hours writing something up for the developers, is that a good use of my time?

Also, in general, what’s the best place to post technical suggestions for improvement?

Best wishes,
Yianni

2 Likes

Hello, definitely. I would say this OS’s job is to be the most secure on the planet, adding an extra protection wouldn’t hurt, although there are other ways to get the encryption key. If someone has access to your computer it is basically done for, that is why the devs have not made more effort to physical security in my opinion.

2 Likes

It has been discussed in the last year both on the forum and GitHub.

Xen memory scrubbing does provide some protection against cold boot attacks, and if the default settings are too relaxed, you can force Xen to scrub all memory when a domain is destroyed.

1 Like

It’s only a reasonably secure OS 🙂

Edit: that comment was supposed to express some skepticism about @Sks’s answer. Because the following question is legitimate:

Now this topic flew away from any planet… That wasn’t my intention.

3 Likes

And what OS would you call “the most secure OS from all existent”?

1 Like

If you have really good ideas for Qubes security improvements then I would highly recommend you to read this manual. Maybe it will inspire you to make even more improvements for protection from Qubes physical access attacks.

1 Like

And yeah, this topic is really in demand. As much as many other security and anonymity related topics. You can at least check out these ones:

1 Like

The only tamperproof computational system (OS and hardware) that exists is the one on Voyager 1, which is now sufficiently difficult for attackers to reach … physically.

4 Likes

@Yianni Thanks for your interest in contributing. It’s a good topic.

I recommend mail to qubes-devel, as explained here:
“This list is primarily intended for people who are interested in
contributing to Qubes or who are willing to learn more about its
architecture and implementation.”

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

5 Likes

Actual rage bait hahaha

Voyager 1? You mean the satellite?

Yes.

1 Like

Aren’t newer hardware platforms cold boot resistant out of the box (memory encryption with ephemeral key)?