qemu-discuss

Re: Does reboot clear RAM?


From: Narcis Garcia
Subject: Re: Does reboot clear RAM?
Date: Tue, 12 Nov 2019 11:31:20 +0100

I'm now supposing that Qemu is currently assigning RAM to the guest with
the host's RAM garbage: a host leak to the guest?


On 12/11/19 at 2:20, Jakob Bohm wrote:
> On 11/11/2019 20:27, Joachim Durchholz wrote:
>> On 11.11.19 at 15:35, Jakob Bohm wrote:
>>> On physical machines, the following mechanisms are common:
>>>
>>> 1. DRAM chips physically lose their contents after a few seconds of
>>>    power off,
>>
>> I am by no way an expert, but the forensic experts tell me that data
>> can persist for *minutes*.
>> Of course, the first bits flip after a few seconds. But you don't get
>> a guarantee that everything is zeroed.
>> I also hear that temperature plays a really big role here.
>>
> There's a difference between reading faded bits with special analogue
> equipment after artificially cooling chips way below what the datasheet
> allows, and reading the digital bits at normal temperature, voltage etc.
> 
>>> 3. On x86 and x86_64 PCs, the IBM compatible BIOS typically does a
>>>    memory test and wipe during actual boot, but not upon a software
>>>    initiated boot. This PC BIOS rule exists for the following two
>>>    purposes:
>>>
>>> 3.1 Older guest operating systems use a software reset to switch the CPU
>>>    from "protected mode" to "real mode" because the historical 80286 CPU
>>>    chip had no other way to return to real mode and returning to real
>>>    mode was needed to invoke BIOS APIs.
>>>
>>> 3.2 Signalling if such a non-wiping boot is desired (for speed or other
>>>    reasons) is officially done by writing a magic value in one of the
>>>    well-known BIOS global addresses. If this global address has not been
>>>    set to one of those magic values, and the global RTC register with
>>>    related semantics has not been so set either, the BIOS (in qemu's
>>>    case SeaBIOS) should do the wipe as part of the POST
>>>    (Power-On-Self-Test), otherwise it should skip that and most other
>>>    parts of the POST.
>>
>> How does the BIOS do the wipe? Because zeroing out all memory should
>> take some noticeable time on today's large RAM, even with GHz
>> machines (RAM bus speed has increased far more slowly than typical RAM
>> size, so the time should have been increasing).
>> I can imagine some fast PCI burst transfers to quickly zero memory,
>> but does anybody have realistic data, or information about how it's
>> being done in practice?
>>
> The slowness of manually zeroing and probing all of RAM was the original
> reason for the rule back in 1981.  I suspect modern hardware uses some
> low level trickery in the DRAM interface controller to speed up zeroing
> all DRAM cells.
> 

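The quoted discussion raises two things a host administrator can check directly rather than speculate about: whether a freshly started guest can receive stale host memory, and why a warm reset leaves guest RAM intact. The C program below is an added example written for this page; it is not code from the thread, from QEMU or from SeaBIOS. It assumes that guest RAM in a default, non-file-backed QEMU configuration is backed by an anonymous host mapping, which the host kernel zero-fills on first touch (so residue from an earlier mapping cannot reappear). The region size, marker byte and the toy firmware_post() routine are constructed for illustration; only the 0x1234 value follows the conventional PC BIOS Data Area warm-boot flag.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define REGION_BYTES (4u << 20)   /* 4 MiB, a constructed size for the check */
#define FILL_PATTERN 0xA5u        /* constructed marker byte ("garbage") */

/* Crude memory test: count bytes that are not zero. */
static size_t count_nonzero(const uint8_t *p, size_t n)
{
    size_t nz = 0;
    for (size_t i = 0; i < n; i++)
        nz += (p[i] != 0);
    return nz;
}

/* Map n bytes of anonymous memory (assumption: the same kind of mapping QEMU
 * uses for guest RAM when no memory-backend file is configured), dirty it,
 * unmap it, map again and test the new region. Returns 1 if the fresh
 * mapping was entirely zero, 0 if any residue was found, -1 on mmap error. */
int fresh_anon_mapping_is_zero(size_t n)
{
    uint8_t *p = mmap(NULL, n, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, FILL_PATTERN, n);          /* leave garbage behind, then release */
    munmap(p, n);

    p = mmap(NULL, n, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    size_t nz = count_nonzero(p, n);     /* kernel hands back zero-filled pages */
    munmap(p, n);
    return nz == 0;
}

/* Toy model of the PC warm/cold reset rule described in the thread: "guest
 * RAM" is a static array that persists across a simulated reset. On a cold
 * boot the firmware wipes it as part of POST; on a warm boot (reset flag set)
 * it skips the wipe, so whatever the guest left behind is still there. */
#define GUEST_RAM_BYTES 4096
static uint8_t guest_ram[GUEST_RAM_BYTES];

#define RESET_FLAG_WARM 0x1234  /* conventional BIOS Data Area warm-boot value */

static void firmware_post(uint16_t reset_flag)
{
    if (reset_flag == RESET_FLAG_WARM)
        return;                          /* warm boot: skip memory test and wipe */
    volatile uint8_t *p = guest_ram;     /* volatile: wipe must not be optimised away */
    for (size_t i = 0; i < GUEST_RAM_BYTES; i++)
        p[i] = 0;
}

/* Returns 1 if data written before the reset is still present afterwards. */
int marker_survives_reset(int warm)
{
    memset(guest_ram, FILL_PATTERN, GUEST_RAM_BYTES); /* guest runs, leaves data */
    firmware_post(warm ? RESET_FLAG_WARM : 0);        /* reset, then firmware POST */
    return count_nonzero(guest_ram, GUEST_RAM_BYTES) == GUEST_RAM_BYTES;
}

int main(void)
{
    printf("fresh anonymous mapping all zero: %d\n",
           fresh_anon_mapping_is_zero(REGION_BYTES));
    printf("marker survives warm reset: %d\n", marker_survives_reset(1));
    printf("marker survives cold reset: %d\n", marker_survives_reset(0));
    return 0;
}
```

Build and run on the host with `cc -O2 zerofill.c && ./a.out`. The first check addresses the "host leak" worry in the reply above: the second mapping comes back zeroed regardless of what the first one held, because the host kernel, not QEMU, decides what a new anonymous page contains. The two reset runs show the rule quoted from the thread: guest memory survives a reset unless the firmware's POST actually wipes it, which is why data from the previous guest session (not from the host) is what a warm-rebooted guest can still see.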

