security-misc/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram-needshutdown.sh


#!/bin/sh
## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Pull in the dracut helper library only if getarg is not already defined
## in the current shell.
if ! type getarg >/dev/null 2>&1; then
  . /lib/dracut-lib.sh
fi
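## Decide whether dracut has to drop back into the initramfs at shutdown
## (via need_shutdown) so the cold boot attack defense can run.
##
## Decision order:
##   1. wiperam=skip  -> never register, regardless of the platform.
##   2. wiperam=force -> always register, even inside a VM.
##   3. otherwise     -> register only if systemd-detect-virt does not
##                       report a virtual machine.
##
## Globals:   DRACUT_QUIET (temporarily set to 'no', restored on every path)
## Arguments: none
## Outputs:   progress messages through dracut's info()
## Returns:   always 0
ram_wipe_check_needshutdown() {
  local OLD_DRACUT_QUIET
  local kernel_wiperam_setting
  ## Declared local so that they do not leak into the shell that runs this
  ## script. Declaration is kept separate from the assignment below so that
  ## "$?" still reflects systemd-detect-virt and not 'local'.
  local detect_virt_output
  local detect_virt_exit_code

  ## Presumably forces info() output to be shown while this check runs;
  ## the previous value is restored before every return.
  OLD_DRACUT_QUIET="$DRACUT_QUIET"
  DRACUT_QUIET='no'

  ## The kernel command line is treated as trusted input here: whoever can
  ## edit it can turn the defense off with wiperam=skip.
  kernel_wiperam_setting=$(getarg wiperam)

  if [ "$kernel_wiperam_setting" = "skip" ]; then
    info "wipe-ram-needshutdown.sh: Skip, because wiperam=skip kernel parameter detected, OK."
    DRACUT_QUIET="$OLD_DRACUT_QUIET"
    return 0
  fi

  if [ "$kernel_wiperam_setting" = "force" ]; then
    info "wipe-ram-needshutdown.sh: wiperam=force detected, OK."
  else
    detect_virt_output="$(systemd-detect-virt 2>&1)"
    detect_virt_exit_code="$?"
    info "wipe-ram-needshutdown.sh: detect_virt_output: '$detect_virt_output'"
    info "wipe-ram-needshutdown.sh: detect_virt_exit_code: '$detect_virt_exit_code'"

    ## Only exit code 0 counts as "inside a VM". Every other outcome,
    ## including systemd-detect-virt being unavailable or failing, falls
    ## through to the bare metal path, so a detection error leaves the
    ## defense enabled rather than silently disabling it.
    if [ "$detect_virt_exit_code" = "0" ]; then
      info "wipe-ram-needshutdown.sh: Skip, because running inside a VM detected and not using wiperam=force kernel parameter, OK."
      DRACUT_QUIET="$OLD_DRACUT_QUIET"
      return 0
    fi

    info "wipe-ram-needshutdown.sh: Bare metal (not running inside a VM) detected, OK."
  fi

  info "wipe-ram-needshutdown.sh: Calling dracut function need_shutdown to drop back into initramfs at shutdown, OK."
  need_shutdown
  DRACUT_QUIET="$OLD_DRACUT_QUIET"
  return 0
}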
## Run the check as soon as this script is loaded.
ram_wipe_check_needshutdown