mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-26 18:49:25 -05:00
improvements
This commit is contained in:
parent
87e5f49f8d
commit
6d3a08a936
@ -1,8 +1,33 @@
|
||||
#!/bin/sh
|
||||
|
||||
echo "Checking for mounted disks..."
|
||||
dmsetup ls --target crypt
|
||||
echo "WIPE RAM!"
|
||||
## TODO: remove -f (fast and insecure mode)
|
||||
sdmem -v -f
|
||||
echo "WIPE DONE!"
|
||||
ram_wipe() {
|
||||
info "$0: START: COLD BOOT ATTACK DEFENSE - RAM WIPE ON SHUTDOWN"
|
||||
|
||||
info "$0: Checking if there are still mounted encrypted disks..."
|
||||
|
||||
local dmsetup_actual_output dmsetup_expected_output
|
||||
dmsetup_actual_output="$(dmsetup ls --target crypt)"
|
||||
dmsetup_expected_output="No devices found"
|
||||
|
||||
if [ "$dmsetup_actual_output" = "$dmsetup_expected_output" ]; then
|
||||
info "$0: Success, there are no more mounted encrypted disks, OK."
|
||||
else
|
||||
warn "\
|
||||
$0: There are still mounted encrypted disks! RAM wipe failed!
|
||||
|
||||
debugging information:
|
||||
dmsetup_expected_output: '$dmsetup_expected_output'
|
||||
dmsetup_actual_output: '$dmsetup_actual_output'"
|
||||
return 0
|
||||
fi
|
||||
|
||||
info "$0: Starting RAM wipe..."
|
||||
|
||||
## TODO: sdmem settings. One pass only. Secure? Configurable?
|
||||
sdmem -l -l -f
|
||||
|
||||
info "$0: RAM wipe completed, OK."
|
||||
info "$0: END COLD BOOT ATTACK DEFENSE - RAM WIPE ON SHUTDOWN"
|
||||
}
|
||||
|
||||
ram_wipe
|
||||
|
Loading…
Reference in New Issue
Block a user