Forgot to add:

Quote from: 123 on April 28, 2020, 05:57:262. Until hardware catches up, rely on pre-boot authentication (Bitlocker TPM+PIN, etc.).

and strictly enforce no device sleep policies - only shutdown or hibernation should be allowed.

I'd like to chime in.

AMD CPUs can and do encrypt RAM, while Intel still don't. RAM encryption on AMD can be disabled via firmware, however, which is just bad. These are the real security problems here, not the removable RAM sticks.

Quote from: _MT_ on April 27, 2020, 09:02:20
Could you elaborate on how would you attack soldered RAM?
If you're not removing the modules, then you need to alter the device (for the purposes of this discussion, I would consider e.g. plugging in a flash drive an alteration). ... Which is where address remapping, secure boot and such come into play.

UEFI & Secure Boot are vulnerable and can be bypassed easily as well. Attacker with physical access is also capable of bypassing firmware defenses e.g. password-protected BIOS & blocked USB device access if they are in place.

Quote from: _MT_ on April 27, 2020, 09:02:20This is one instance where having good maintenance access is a disadvantage. Having the modules on the other side of the motherboard, under the keyboard which can't be taken out from the outside and requires you to essentially disassemble the whole laptop would be an advantage.

Attacker probably knows what he's dealing with, so will just cut the case from the other side, same goes for tamper switches by the way - they are easy to defeat for someone who did their research. Poor maintainability matters to owner, not attacker; attacker probably won't need to reassemble the device after he's done with it.

Quote from: _MT_ on April 27, 2020, 09:02:20
I guess that's also why the Surface Laptop was glued. :D

Soldered RAM and glued chassis reduce manufacturing costs and ease overcharging for top tier SKUs while simultaneously making things worse for device owner, be it individual or enterprise; again, attacker couldn't care less as long as reassembling the device isn't required.

Bottom line,
1. Only RAM encryption (that can't be disabled via firmware) can resolve discussed security problems.
2. Until hardware catches up, rely on pre-boot authentication (Bitlocker TPM+PIN, etc.).
3. Don't trust device manufacturer bullshit. Their sole responsibility is maximizing their profits, not your security.

If someone has psychical access to computer then he can just resolder TPM  module, extract key and then read SSD. In comparison to freezing RAM or TB3 attack its not  only theoretically possible but also proven and require less specialistics tools.

#7 We all know they did same thing  as Apple few years ago with their 'Apple SSD' -  unique format allows them to get more $$ as its hard to find those 2230 drives outside Microsoft.

Quote from: Ilnahro on April 26, 2020, 21:39:41
An attacker sophisticated enough to freeze ram modules and extract data from them would almost certainly be capable of extracting that data off the onboard chips as well.

Could you elaborate on how would you attack soldered RAM? If you're not removing the modules, then you need to alter the device (for the purposes of this discussion, I would consider e.g. plugging in a flash drive an alteration). Thunderbolt is one such option. Another option is to boot into another OS which automatically dumps memory. Etc. Which is where address remapping, secure boot and such come into play. Cooling the modules and reading them is not that technically sophisticated. It's actually simple. All you need is a device capable of reading the module. Like a motherboard capable of hot-plugging RAM (I guess this could be a problem for SO-DIMM). In the past, it was thought impractical IIRC. But tests revealed that RAM actually retains data long enough when cooled. Good luck trying to probe the motherboard and reading it that way. You just might be the first one to accomplish that. And the necessary equipment can't be compared.

This is one instance where having good maintenance access is a disadvantage. Having the modules on the other side of the motherboard, under the keyboard which can't be taken out from the outside and requires you to essentially disassemble the whole laptop would be an advantage. I think they should start using this angle in marketing (what do you say, Lenovo?). :D I guess that's also why the Surface Laptop was glued. :D

Sounds like they never actually tried using Thunderbolt 3. When plugging in a TB3 device to a Windows 10 PC, it won't do a thing unless you authorize it in the "Thunderbolt Control Center". Only after that, it has direct memory access.

Quote from: M$oft on April 26, 2020, 19:06:55
This is one of the stupidest points I've ever seen anyone at Micro$oft make. Soldered ram because "security"? Really?
...
Plus, if "direct memory access" was a concern, why does almost EVERY business laptop on the face of the planet have TB3 besides Microsoft.

Soldering also helps with packaging. I don't care that much about thinness or weight (in a laptop; tablet is a different story), but it's true.

Of course it's a concern. That's why some companies disable it. Just as they did in the past with FireWire. That's why Windows do feature a mitigation just for this attack that utilizes specialized hardware. It just never had very high priority (that hardware got there because of virtualization, not because people were afraid someone might plug in a USB stick and suck out their encryption keys - in no time at all given the speed of Thunderbolt). Some people are simply more security conscious than others, deal with seriously sensitive data or take their obligation to protect data seriously. And security can often come at the cost of convenience, demotivating more casual users. A very simple mitigation was to hibernate rather than sleep or lock when not at your computer. But for some people, saving a few seconds is more important.

A note about TB3... I'm a software developer and a gadget nut so I tend to accumulate hardware.   Having a TB3 egpu setup for charging and external monitors lets me plug and play any of my computers as my desktop with a single cable.   It also means I don't have to worry about GPU obsolescence as one card upgrade serves all my computers. 

USB-C can't do egpu...  so my external monitors don't work.  There is no way to hook up a GPU to the surface without TB3...    using it with my desktop requires a separate dock just for it...   so it becomes a choice, do i setup my desktop for everything else or just my surface?   the surface loses that argument... so it never gets bought in the first place.   

The PCIe/Thunderbolt issue feels like something that should and could be easily fixed in Windows (by requiring confirmation and/or authentication during connection). The RAM issue feels like a cheap excuse. An attacker sophisticated enough to freeze ram modules and extract data from them would almost certainly be capable of extracting that data off the onboard chips as well. There is something to be said for the space saving from onboard vs SO-DIMM modules and RAM isn't exactly a moving part that frequently fails, so I don't have a massive issue with it from a repairability perspective. But it does conveniently offer an opportunity to easily increase their profit margin. I'm sure that plays at least some role.

On a side note, most of Microsoft employees use ThinkPads.

This is one of the stupidest points I've ever seen anyone at Micro$oft make. Soldered ram because "security"? Really? No, the only reason Microsoft is doing this is so that when their stuff breaks you have to buy from them and nobody else. This isn't a matter of security, it's a matter of profits.

Same for the TB3 issue. Microsoft sells proprietary accessories for the surface machines. Can't make money off them if people can just buy a TB3 GPU for their surface book. Plus, if "direct memory access" was a concern, why does almost EVERY business laptop on the face of the planet have TB3 besides Microsoft. This sounds like a bunch of marketing BS to cover up Microsoft's greediness.

Quote from: Mate on April 26, 2020, 17:16:04
Exactly. They also introduced new NVMe SSD format(2230) in Surface Laptop cause of security reasons as profits from selling overpriced storage would be threatened.

If you look at the internal construction with those "cans" everywhere, it's not surprising they wanted it as small as possible.

It's true that Thunderbolt does have this weakness. Just as FireWire. It's good for performance, bad for security (without appropriate countermeasures). And it's also true that soldering RAM effectively prevents cold boot attack. I would think their reasons were more pragmatic (they love backward compatibility and the connector and dock are pretty nifty, I must say). For one, it's possible to give users the choice to disable it (and even ship it like that by default). It's possible to use memory management unit to ensure that a device can only access its own section of memory. And Windows do feature protection against this attack (from version 1803 I believe) - remapping addresses where possible, blocking devices where not possible if the screen is locked. So, I think they could have included a Thunderbolt port if only they wanted to.

I don't think the biggest problem is repairability or upgradeability. I think it's the pricing. It's miles off what modules cost to consumers. They're creating a situation where you might want to buy more than you need on one hand and they make it much more expensive on the other hand. At normal market prices, it wouldn't really bother me.

Exactly. They also introduced new NVMe SSD format(2230) in Surface Laptop cause of security reasons as profits from selling overpriced storage would be threatened.

I don't care if its soldered or not until upgrading the model to 256 GB from 128 GB did not cost me additional $300..... its most crazy bullshit I see. The same with ram etc.
About the TB3 -- I never understood the revolution. I can plug 4K screen via USB-C too, I can plug adapters, and all the things.
For eGPU... I have never seen any in life -- expensive as for PSU and little case too.

I find it more likely that given the limited number of PCIE lanes on U series chips and their proprietary dock likely using some...   it became an either or choice and they chose their dock so existing users wouldn't be pissed off that their dock didn't work with the new surface.   

Yet if this is true...   its unfortunate as the Surface will be off my device list indefinitely.