- Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks

- Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)

Thanks to @friedy10!

https://github.com/friedy10/dracut/tree/master/modules.d/40sdmem

https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596

debian/control

@@ -15,7 +15,8 @@ Rules-Requires-Root: no
 Package: security-misc
 Architecture: all
 Depends: python3, libglib2.0-bin, libpam-runtime, sudo, adduser, libcap2-bin,
- apparmor-profile-dist, helper-scripts, libpam-modules-bin, ${misc:Depends}
+ apparmor-profile-dist, helper-scripts, libpam-modules-bin,
+ secure-delete, dmsetup, ${misc:Depends}
 Replaces: tcp-timestamps-disable, anon-gpg-tweaks, swappiness-lowest
 Description: Enhances Miscellaneous Security Settings
  https://github.com/Whonix/security-misc/blob/master/README.md