Protect macOS from cold boot attacks

cold-boot

If you care about privacy and security, you most certainly have turned on FileVault, macOS’ full disk encryption implementation (similar to LUKS on Linux).

file-vault

If you haven’t and your computer is plugged in, I suggest stopping whatever you are doing, backing up your data (on an encrypted storage device) and turning it on right away! The encryption is elegantly done in the background so you can quickly get back to work.

The value proposition of full disk encryption is a no brainier. There was a time when it impacted the performance of computers, but today’s CPUs are optimized for these kinds of tasks so you won’t even notice unless you are involved with 4K video editing of some other disk I/O intensive work.

Now, depending on your level of paranoia, it might be worth digging into how full disk encryption actually works. Put simply, in order to encrypt data on the go, your operating system needs to know your password at all times. It achieves this by storing it in the random access memory (RAM) of your computer. RAM is volatile meaning its data is cleared when powered off so you’re safe right? Well, that depends on how you use your computer. If you’re like me, you probably put your computer to sleep most of the time (you don’t shut it down entirety). By default, when a macOS computer sleeps, it doesn’t clear the password from your computer’s RAM which means you are vulnerable to cold boot attacks.

Thankfully, there is an easy fix! Simply run the following pmset command using the Terminal.

# man pmset
sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25 standbydelaylow 0 standbydelayhigh 0

destroyfvkeyonstandby 1 tells macOS to destroy your password (override it with random data) when your computer goes to standby mode.

hibernatemode 25 tells macOS to store the content of the RAM to the hard drive (which is encrypted using FileVault) and power off the RAM (which clears its data).

standbydelaylow 0 tells macOS to enable standby mode immediately when your battery is low and you put your computer to sleep.

standbydelayhigh 0 tells macOS to enable standby mode immediately when your battery is high and you put your computer to sleep.

Had my computer stolen a few years back and, even though FileVault was on, I wish I had known this.

Contributors:Sun KnudsenSun Knudsen

Wish to contribute? Please submit an issue or a pull request.
This website is not tracking you. PGP public key fingerprint: C4FB DDC1 6A26 2672 920D  0A0F C132 3A37 7DE1 4C8B