2022-07-05 10:28:22 -04:00
|
|
|
## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
|
|
|
|
## See the file COPYING for copying conditions.
|
|
|
|
|
|
2022-07-05 10:45:09 -04:00
|
|
|
## Wiping RAM at shutdown to defeat cold boot attacks.
|
|
|
|
|
##
|
2022-07-05 10:44:28 -04:00
|
|
|
## RAM wipe is enabled by default on host operating systems, real hardware.
|
2022-07-05 10:28:22 -04:00
|
|
|
## RAM wipe is disabled by in virtual machines (VMs).
|
2022-07-05 10:42:37 -04:00
|
|
|
##
|
|
|
|
|
## User documentation:
|
|
|
|
|
## https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense
|
|
|
|
|
##
|
|
|
|
|
## Design documentation:
|
2022-07-05 10:28:22 -04:00
|
|
|
## https://www.kicksecure.com/wiki/Dev/RAM_Wipe
|
|
|
|
|
|
|
|
|
|
## RAM wipe is omitted in virtual machines (VMs) by default because it is
|
|
|
|
|
## unclear if that could actually lead to the host operating system using
|
|
|
|
|
## swap. Through use of kernel parameter wiperam=force it is possible to
|
|
|
|
|
## force RAM wipe inside VMs which is useful for testing, development purposes.
|
2022-07-05 10:44:28 -04:00
|
|
|
## There is no additional security benefit by the wiperam=force setting
|
|
|
|
|
## for host operating systems.
|
2022-07-05 10:28:22 -04:00
|
|
|
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=force"
|
|
|
|
|
|
|
|
|
|
## Kernel parameter wiperam=skip is provided to support disabling RAM wipe
|
|
|
|
|
## at shutdown, which might be useful to speed up shutdown or in case should
|
|
|
|
|
## there ever be issues.
|
|
|
|
|
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=skip"
|
