FileVault 2 Easily Decrypted

Current Linux disables the device-initiated DMA mechanism for firewire and other "untrusted" busses, though it should probably consider more types of busses "untrusted" than it does. This requires the host driver to initiate DMA, which it'll only do for devices it knows how to talk to safely. Turning this protection off (and thus making the system insecure) requires both compiling a kernel with the debugging-only option CONFIG_FIREWIRE_OHCI_REMOTE_DMA turned on <i>and</i> passing a kernel parameter at boot time, so you can't do it accidentally.<p>I thought more recent versions of OS X fixed this problem as well, but perhaps not.

Actually this applies to "all" other similar encryption technologies and is not limited to mac or firewire. You can also use Thunderbolt, PCMCIA, ExpressCard and even esata ports to have direct access to a computers RAM in which you passphrase is being held.<p>Basically all ports which use DMA are possible if I remember correctly.<p>Further reading:<p><a href="http://en.wikipedia.org/wiki/DMA_attack" rel="nofollow">http://en.wikipedia.org/wiki/DMA_attack</a>

This is what I set on my MBP (equipped with SSD):<p><pre><code> sudo pmset -a hibernatemode 25 destroyfvkeyonstandby 1 sms 0</code></pre>

tl;dr: direct memory access via firewire can recover the key within an hour.<p>Anyone know if firewire be disabled at the hardware level on macs?

Since the MacBook Air doesn't have a FireWire port, can I assume this technique doesn't apply? Or would it still be possible using one of the other ports?

Additional info is here: <a href="http://news.cnet.com/8301-1009_3-57370628-83/security-concerns-on-apples-filevault-decryption-via-firewire/" rel="nofollow">http://news.cnet.com/8301-1009_3-57370628-83/security-concer...</a>

On PPC Macs with Open Firmware (pre-EFI), FireWire DMA would be disabled if a boot password was set. I haven't come across any details on recent models...

Infinite redirect chain on my mobile phone.