You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I’m happy to get feedback on this to identity any issues or improvements!
But there is no comment section on that particular article
And no contacts mentioned on the whole website
So I hope it is appropriate to give feedback here, the Github project correlating to that article.
You are or may be wrong about some things
Standby and Hibernation are synonyms
In Apple's lingo Standby and Hibernation are not two different states. But instead synonyms for the same thing.
Take that into consideration, and you will have to update multiple parts and assumptions in your article.
Memory is written to the hibernatefile immediately when sleep is triggered
You wrote:
Standby or Safe Sleep: Memory state is written to disk and after a certain period memory power is turned off (standard 3 hours)
Regarding when the hibernation image is written, the manpage of pmset sadly is ambiguous:
man pmset indicating this happens only when transiting from sleep to standby
standbydelayhigh and standbydelaylow specify the delay, in seconds, before writing
the hibernation image to disk and powering off memory for Standby.
man pmset indicating this happens already when transiting from wake to sleep
hibernatemode = 3 by default on portables. The system will store a copy of memory to
persistent storage (the disk), and will power memory during sleep. The system will
wake from memory, unless a power loss forces it to restore from hibernate image.
So that when the Mac transists from sleep (off are: screen, SSD, radios) into standby (off: everything except the real time clock) that sleepimage IS ready for the Mac.
Ofc this results in more write cycles to the SSD (at max the full RAM to SSD on each sleep) but on the other side it ensures that the Mac can resume correctly, whatever happens after the initial sleep: e.g. sudden battery voltage drop, sleep far longer than usually until battery gets sucked dry.
Technically it could be maybe possible to perform a reduced wakeup, a so called "Dark Wake" and only perform the write when getting closer a more problematic battery situation, but the manpage very clearly states that it writes the hibernation file immediately on sleep. And I take this as the most official documentation.
SMC and NVRAM reset
I do not know whether this is really necessary as a preparation.
pmset is a software interface to the SMC.
So resetting the values via pmset alone should usually do it too.
But yeah, if you want a "full clean state" with high certainty, then yes.
Praise
Warning of the tempting but not working setup of a balanced combo of quick and convenient sleep/wake with remaining coldboot attack risk plus throwing away keys only when the Mac is left alone long enough that it enters standby
It is very tempting to try to get the best of both worlds: both sleep to memory for a while, then throw the key and hibernate to disk. The logical way of doing this is to combine standbydelay with hibernatemode 3 and destroyfvkeyonstandby. THIS WILL NOT WORK!!!! Don’t waste your time. The reason is that there is no setting to keep the key while sleeping to memory and hibernating, the key is thrown away the moment it goes into sleep and will cause your Mac to crash.
Nevertheless I do not yet fully trust you on this, due to your confusion of standby and hibernation as two separate concepts, although just being synonyms. I may update you on this, when I concluded thorough testing.
pmset + egrep 'Entering|Wake from' gives you a complete sleep/wake sequence
I learned that from your scripts.
Thanks for the practical hint!
I made myself some alias-mini-scripts from this in ~/.oh-my-zsh/custom/aliases.zsh:
alias pmlog="cat ~/Documents/Logs/pmset.log | egrep 'Entering|Wake from' | less -i +G"alias pmraw="cat ~/Documents/Logs/pmset.log | less -i +G"alias pmupdate="pwOld=\$(pwd) ; cd ~/Documents/Logs/ ; echo Updating log backup… ; pmset -g log >> pmset.log ; echo Cleanup of duplicate lines in log backup… ; sort pmset.log | uniq > pmset-uniq.log ; rm pmset.log; mv pmset-uniq.log pmset.log ; echo Done. ; cd \$pwOld"
The text was updated successfully, but these errors were encountered:
At your article https://stuff.greger.io/2017/08/secure-mac-osx-sleep.html you end with:
You are or may be wrong about some things
Standby and Hibernation are synonyms
In Apple's lingo Standby and Hibernation are not two different states. But instead synonyms for the same thing.
Memory is written to the hibernatefile immediately when sleep is triggered
You wrote:
Regarding when the hibernation image is written, the manpage of pmset sadly is ambiguous:
man pmset indicating this happens only when transiting from sleep to standby
man pmset indicating this happens already when transiting from wake to sleep
SMC and NVRAM reset
Praise
Warning of the tempting but not working setup of a balanced combo of quick and convenient sleep/wake with remaining coldboot attack risk plus throwing away keys only when the Mac is left alone long enough that it enters standby
Nevertheless I do not yet fully trust you on this, due to your confusion of standby and hibernation as two separate concepts, although just being synonyms. I may update you on this, when I concluded thorough testing.
pmset + egrep 'Entering|Wake from' gives you a complete sleep/wake sequence
~/.oh-my-zsh/custom/aliases.zsh:The text was updated successfully, but these errors were encountered: