486
you are viewing a single comment's thread
view the rest of the comments
[-] unexposedhazard@discuss.tchncs.de 23 points 4 weeks ago* (last edited 4 weeks ago)

The article isnt very clear on this, but did they actually remove a critical feature from already sold products? Surely they can be sued for that?

[-] frongt@lemmy.zip 76 points 4 weeks ago* (last edited 4 weeks ago)

Tom's is trash and should be banned. The original Ars article it mentions is better: https://arstechnica.com/security/2026/06/users-cry-foul-after-amd-stripped-memory-crypto-from-its-consumer-cpus/

Sounds like it was never really supported, but available. With the new BIOS update it's no longer available.

[-] Mihies@programming.dev 33 points 4 weeks ago

If that's the case, AMD shouldn't have problems saying so. Although it's still a very bad move from their part.

[-] frongt@lemmy.zip 13 points 4 weeks ago

I suspect lawyers are involved.

[-] Mihies@programming.dev 9 points 4 weeks ago

Probably. Also PR to limit damages.

[-] WhyJiffie@sh.itjust.works 5 points 4 weeks ago

PR is just socially accepted lies

[-] MalReynolds@slrpnk.net 18 points 4 weeks ago

Eh, it protects against a certain class of attack when the attacker has physical access e.g. reading memory with memory probes while the computer is (still) on to get passwords etc., i.e. sophisticated attackers like customs, FBI. If they have physical access you're probably hosed anyway, but if you have the presence of mind to shut the machine off (not sleep, hard off if needed) memory encryption becomes irrelevant.

[-] frongt@lemmy.zip 13 points 4 weeks ago

That is not correct. Data can persist in RAM even when powered off, especially if the sticks are frozen. https://en.wikipedia.org/wiki/Cold_boot_attack

[-] Janx@piefed.social 13 points 4 weeks ago

Isn't that attack only viable within minutes of a machine being powered down? That seems like a huge caveat...

[-] Passerby6497@lemmy.world 5 points 4 weeks ago

Isn't that attack only viable within minutes of a machine being powered down?

Not even, try seconds at most.

All things considered, a cold boot attack is only remotely feasible if the system is powered on when the attack begins. If it's powered off for any length of time, your memory will have decayed past the point of it being usable for the attack.

[-] Passerby6497@lemmy.world 8 points 4 weeks ago* (last edited 4 weeks ago)

That actually is correct, because if you power your system down ahead of time, this attack is meaningless since there is only a VERY short window where this attack works. From your link:

Attackers execute cold boot attacks by forcefully and abruptly rebooting a target machine and then booting a pre-installed operating system from a USB flash drive, CD-ROM or over the network.

If your attacker only has your cold machine that's been off since well before you hit the checkpoint, they can't do shit with that attack. At best they can boot the system up to verify your system operates as intended, but you don't have to provide any of the credentials to finish booting or unlock the TPM to load the key material into memory.

[-] chameleon@fedia.io 5 points 4 weeks ago

To add to that, even the original paper written with 1999-2007 era SDRAM/DDR/DDR2 is not optimistic about the scenario of a machine that was already powered down at regular operating temperatures:

with the fastest exhibiting complete data loss in approximately 2.5 seconds and the slowest taking an average of 35 seconds

And that only got worse with more advanced RAM, not to mention that they lost almost all of the data far quicker than that with only a couple % of bits surviving that long. For all practical intents and purposes, cold boot against an already-powered-down machine is a myth, the cooling has to be applied while it's on.

[-] MalReynolds@slrpnk.net 6 points 4 weeks ago

Ah, thanks, I stand corrected. Still a good practice.

[-] Passerby6497@lemmy.world 3 points 4 weeks ago

FYI, the cold boot attack is only viable for a handful of seconds before your memory decays enough for it to be worthless for that attack.

Powering your system down yourself prevents this. Just make sure your system doesn't have fastboot enabled or hibernates instead of a true power off.

[-] leftascenter@jlai.lu 1 points 4 weeks ago
this post was submitted on 18 Jun 2026
486 points (97.5% liked)

Technology

86401 readers
2776 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS