Removing RTC from Theft-Deterrence

C. Scott Ananian cscott at
Wed Jul 7 17:06:34 EDT 2010

On Wed, Jul 7, 2010 at 4:01 PM, C. Scott Ananian <cscott at> wrote:
>  * Updating exactly every hour is vulnerable to an attacker who
> arranges to remove the battery from the machine exactly 55 minutes
> after power on, every time.  This is still quite awkward, but to avoid
> even this attack, the EC can pseudo-randomly decide exactly when to
> update the EC based on a random seed passed in from OFW from the
> Geode's HWRNG, with an *average* interval of an hour.  We probably
> don't have to perform this extra trickery if we just shorten the
> interval to 6 minutes or so, but the means that the EC's EEPROM will
> wear out at the end of the 5 year service life of the machine.  We can
> probably detect this condition (EEPROM no longer writes reliably) and
> just disable passive kill security at this point, though, which might
> be nice for freedom-loving reasons.

2010 thoughts: I like the idea of pseudo-random updates.  Having a
uniform 1/60 probability of update every minute makes powering off as
a circumvention mechanism pointless, while reducing EEPROM writes.  A
very simple linear feedback shift register for generating
pseudo-random bits would be sufficient, since the inputs and outputs
of the system are hidden.

                         ( )

More information about the Devel mailing list