From 036f518ddc067461979f5b61a576b7f74b7c6e65 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Thu, 30 Jun 2022 13:56:29 -0400
Subject: [PATCH] improvement
---
 .../40cold-boot-attack-defense/wipe-ram.sh | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
index 7de4c67..8ea64a1 100755
--- a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
+++ b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
@@ -18,7 +18,17 @@ ram_wipe() {
 return 0
 fi
- info "wipe-ram.sh: START: COLD BOOT ATTACK DEFENSE - RAM WIPE ON SHUTDOWN"
+ info "wipe-ram.sh: Cold boot attack defense... Starting RAM wipe on shutdown..."
+
+ ## TODO: sdmem settings. One pass only. Secure? Configurable?
+ sdmem -l -l -v
+
+ info "wipe-ram.sh: RAM wipe completed, OK."
+
+ ## In theory might be better to check this beforehand, but the test is
+ ## really fast. The user has no chance of reading the console output
+ ## without introducing an artificial delay because the sdmem which runs
+ ## after this, results in much more console output.
 info "wipe-ram.sh: Checking if there are still mounted encrypted disks..."
 local dmsetup_actual_output dmsetup_expected_output
@@ -34,18 +44,8 @@ wipe-ram.sh: There are still mounted encrypted disks! RAM wipe failed!
 debugging information:
 dmsetup_expected_output: '$dmsetup_expected_output'
 dmsetup_actual_output: '$dmsetup_actual_output'"
- sleep 5
- return 0
 fi
- info "wipe-ram.sh: Starting RAM wipe..."
-
- ## TODO: sdmem settings. One pass only. Secure? Configurable?
- sdmem -l -l -v
-
- info "wipe-ram.sh: RAM wipe completed, OK."
- info "wipe-ram.sh: END: COLD BOOT ATTACK DEFENSE - RAM WIPE ON SHUTDOWN"
-
 ## Restore to previous value.
 DRACUT_QUIET="$OLD_DRACUT_QUIET"
 sleep 3
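Review bot: The added `info "wipe-ram.sh: RAM wipe completed, OK."` runs unconditionally after `sdmem -l -l -v`, so the console reports success even when sdmem is absent from the initramfs or exits with an error. For a cold boot defense a false OK is worse than no message; consider `if sdmem -l -l -v; then info "wipe-ram.sh: RAM wipe completed, OK."; else warn "wipe-ram.sh: sdmem exited with status $?"; fi` (using dracut's `warn`), after confirming what status sdmem returns when it simply runs out of memory to fill. The new comment's phrase "the sdmem which runs after this" describes the rejected ordering and would read more clearly as `## Checking first would be pointless: sdmem's verbose output would scroll the result off the console.` ram_wipe starts and ends outside this hunk.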
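Review bot: With `sleep 5` and `return 0` dropped from this branch, the warning "RAM wipe failed!" (its text is in the hunk header) is now printed after the earlier hunk has already logged `RAM wipe completed, OK.`, so the console ends with two contradictory verdicts. What the check finds at this point is that encrypted mappings are still active, and their keys presumably sit in kernel memory that sdmem's userspace fill does not overwrite. Rewording the warning to say that, for example `wipe-ram.sh: Encrypted disks still mounted - their keys may remain in RAM!`, would describe the residual risk accurately. The message is also now on screen only for the shared `sleep 3`, and the `if` that opens the branch is outside the hunk.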