On 2008-03-09 Larry Seltzer wrote: >>> WRT the DMA access over FireWire it's but a bad response since it >>> doesn't get the point! >>> 1. Drive encryption won't help against reading the memory. >>> 2. The typical user authentication won't help, we're at hardware level >>> here, and no OS needs to be involved. >>> 3. The computer is up (and running; see above), no hibernate or sleep >>> is involved here. > > So on a freshly-booted system with drive encryption you can read > whatever you want on the disk? Yes. Simply because the drive needs to be decrypted for the system to boot. Without decrypting the disk there's not difference to a switched- off box, because it's utterly unusable to anyone. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
