Value of powering down computer and powering back up, frequently

A lot of those who use Windows have the habit of just letting their computer go into suspend mode, then restarting it by hitting the space bar.

Aside from any discussion about using Windows:

What is the downside of letting Qubes run continuously, or even for just 24 hours between reboot sequences?

2 Likes

One downside is that any data in use is an attractive target for adversaries aware of your habits. Similar to a server in a datacentre, if your activity has keep-alive network requirements, then your attack surface will be constantly exposed by your Internet connection.

2 Likes

When I wake my notebook from suspend and log back in, I can readily access my files without having to supply the disk decryption password. I also see opened apps, browser tabs etc.

So if you worry about data exfiltration it’s prudent to always do a proper shutdown instead. You could even make the notebook shut down when the lid gets closed.

1 Like
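The lid-closed shutdown suggested above, as an added example that is not from the thread: it assumes a systemd-logind system (Qubes dom0 is Fedora-based and uses logind) and edits a file in `/etc/systemd/logind.conf` format; applying it to the real file and restarting logind are left to the reader.

```shell
#!/bin/sh
# Added example, not from the thread: make a systemd-logind machine power off
# instead of suspending when the lid closes, so the LUKS key leaves RAM.
# Operates on a logind.conf-format file passed in; never touches /etc itself.

# Set KEY=VALUE in file $1, replacing a commented-out default ("#Key=...")
# or an existing setting if present, otherwise appending. Idempotent.
# Assumes the file is a stock logind.conf whose only section is [Login].
set_logind_key() {
    file=$1 key=$2 value=$3
    if grep -q "^[#[:space:]]*$key=" "$file"; then
        sed -i "s|^[#[:space:]]*$key=.*|$key=$value|" "$file"
    else
        grep -q '^\[Login\]' "$file" || printf '[Login]\n' >>"$file"
        printf '%s=%s\n' "$key" "$value" >>"$file"
    fi
}

# Print the effective (uncommented) value of key $2 in file $1, empty if unset.
get_logind_key() {
    sed -n "s|^$2=\(.*\)|\1|p" "$1" | tail -n 1
}

# Demo on a constructed copy of a stock logind.conf (not the real file).
demo_lid_poweroff() {
    tmp=$(mktemp)
    printf '[Login]\n#HandleLidSwitch=suspend\n#HandleLidSwitchExternalPower=suspend\n' >"$tmp"
    echo "before: HandleLidSwitch='$(get_logind_key "$tmp" HandleLidSwitch)' (unset = logind default, suspend)"
    set_logind_key "$tmp" HandleLidSwitch poweroff
    set_logind_key "$tmp" HandleLidSwitchExternalPower poweroff
    set_logind_key "$tmp" HandleLidSwitchDocked poweroff   # not in the stock file: appended
    echo "after:  HandleLidSwitch='$(get_logind_key "$tmp" HandleLidSwitch)'"
    cat "$tmp"
    rm -f "$tmp"
}

demo_lid_poweroff
```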

Essentially, when your computer is powered off, everything is stored on the hard drives locked up with AES-XTS encryption. This is known as “encrypted data at rest”.

In practice, this means that if I were to steal your hard drive/laptop, and read the blocks on your hard drive, it would look like this:


Pure gibberish (without the decryption key) :slight_smile:


When you boot your computer, you input your LUKS decryption passphrase, and it stores that in RAM.

Your CPU then uses that key stored in RAM to take blocks from your hard drive, decrypt them, and store the unencrypted contents in RAM while you’re using them.

Then, when you’re done, your CPU uses that same key to encrypt the contents, before storing that block on your hard drive.


When you shut your computer down, the contents of your RAM, and your decryption key, disappear. Because, you know, the chips don’t have any power going through them…


In contrast, when you sleep/suspend your machine, you put it into a state where the RAM is still powered and retaining whatever you had in it. If a process can be paused without breaking anything, it is paused. However, everything mission-critical to the computer functioning is still running unaffected.

In some cases, depending on what you’ve configured your machine to do (BIOS, background daemons, etc.), your machine can also be listening for outside input (network packets, keystrokes, bluetooth packets, infrared signals, camera face detection, whatever!). In some cases, your computer may actually still respond to these inputs as if it were still running, even though it’s “sleeping”.


It’s quite trivial to get the decryption key from a RAM dump, if you know what you’re doing.

But it’s impossible to get a decryption key that isn’t there when your data is at rest :slight_smile:


@zenyatta is right. It’s a lot more convenient to resume from sleep than it is to cold/warm boot.


@catacombs is also right in that most Windows users keep their machines perpetually powered on. (Actually, let’s be honest, most of us do that too :stuck_out_tongue:).

This might explain why Microsoft has reboots forced upon their machines periodically.

But there is definitely some merit in the practice in some cases.

Servers have this issue frequently when they update their software, but have to wait until their tasks are completed to actually be able to replace the running processes with the updated versions.

This is particularly important when you might have vulnerabilities in some of your software that’s currently running.

A cold boot is the most surefire way to ensure that all running processes are the ones stored on the hard drive (i.e. the ones you just updated).

Yes, kexec will allow you to reboot the kernel without power cycling your machine in some circumstances, but I wouldn’t do that on Qubes OS, unless you’re prepared for things to break :stuck_out_tongue:


So yeah, like everything here, it all depends on your own threat model :slight_smile:

4 Likes
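The "are the running processes the ones on disk?" check from the post above, as an added example that is not from the thread: on Linux, a process still executing a binary or library that an update replaced shows that file as "(deleted)" in its /proc/<pid>/maps, which is what this script looks for.

```shell
#!/bin/sh
# Added example, not from the thread: find running processes whose executable
# or shared libraries were replaced on disk after they started (an update was
# installed, but the old, possibly vulnerable, code is still what is running).
# Linux tags such mappings "(deleted)" in /proc/<pid>/maps.

# Count stale file-backed mappings in one maps-format file ($1).
# Skips memfd:/dev pseudo-files, which are legitimately "(deleted)".
stale_map_count() {
    [ -r "$1" ] || { echo 0; return; }
    awk '$6 ~ /^\// && $6 !~ /^\/(memfd:|dev\/)/ && $NF == "(deleted)" { n++ }
         END { print n + 0 }' "$1"
}

# Scan the live system: print "pid comm count" for each affected process.
# Needs root to read other users' maps; unreadable ones count as 0.
list_stale_processes() {
    for d in /proc/[0-9]*; do
        n=$(stale_map_count "$d/maps")
        [ "$n" -gt 0 ] || continue
        printf '%s %s %s\n' "${d#/proc/}" "$(cat "$d/comm" 2>/dev/null)" "$n"
    done
}

# Constructed sample in /proc/<pid>/maps format (not a real capture): sshd and
# libc were updated on disk, libz was not, the memfd entry is benign.
write_sample_maps() {
    cat >"$1" <<'EOF'
55d0c3a00000-55d0c3a10000 r-xp 00000000 fd:01 131073 /usr/bin/sshd (deleted)
7f2a10000000-7f2a101c0000 r-xp 00000000 fd:01 262144 /usr/lib64/libc.so.6 (deleted)
7f2a10400000-7f2a10410000 r--p 00000000 fd:01 393216 /usr/lib64/libz.so.1
7f2a10800000-7f2a10801000 rw-s 00000000 00:05 1234 /memfd:pulse (deleted)
7ffd12345000-7ffd12366000 rw-p 00000000 00:00 0 [stack]
EOF
}

sample=$(mktemp)
write_sample_maps "$sample"
echo "stale mappings in constructed sample: $(stale_map_count "$sample")"   # 2
rm -f "$sample"
if [ "${1:-}" = "--scan" ]; then list_stale_processes; fi
```

Run with `--scan` as root to check a real machine; a reboot (or restarting each listed process) is what clears the list.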

How exactly would you get the dump from a suspended system?

Even without modern countermeasures like memory encryption and memory scrambling, which make cold boot attacks impossible, has anyone successfully demonstrated a cold boot attack against a DDR4 system?

And most systems don’t even use DDR4 any more.

4 Likes

Physically

Good ol’ liquid nitrogen, the Berlekamp-Massey algorithm, and a lot of patience.

@apparatus that’s actually a good read.

Remotely :roll_eyes:

@renehoj true, it would be very difficult. Even harder on most modern hardware (and almost impossible on Qubes OS).

This is me just brainstorming here, but if I had to envisage a way, it would be something along the lines of:

  1. Let’s just say that there was some kind of input device (USB port, NIC, HID device, battery interface, etc.) that was still “active” during system suspend. This is present in quite a lot of hardware (ever plugged a phone into a USB port while the machine is off/suspended and it charges?), and some even allow configuration in the BIOS of its behaviour.

  2. Let’s just assume that some kind of carefully-crafted input allowed for RCE on the device firmware. Picture a peripheral/interface made by a manufacturer that thinks they’re making a whole damn computer. One of those “let me take care of the cryptography for you so your CPU is less strained” network cards that nVIDIA are pushing in the data center market.

  3. Plant some code that would dump the RAM on system wake, and send it off.

This scenario, however fantastically unlikely, is not beyond the realm of possibility.


I only have 3 machines that are using DDR4, quite a few are using DDR3, and I have one still running on 320MB of PC100 SDRAM.

Yes, it’s tough to find new hardware that has DDR4 or less, but the second-hand market is full of it.

2 Likes

While we’re on the subject, this is also a very interesting read:
https://www.da.vidbuchanan.co.uk/blog/dram-emfi.html

Can you get root escalation with just a lighter? Turns out, under the right conditions, YES… :face_with_diagonal_mouth:

2 Likes