diff --git a/README.md b/README.md index 0e1cf1b..33cb7d0 100644 --- a/README.md +++ b/README.md @@ -398,37 +398,6 @@ information that shouldn't be accessible to unprivileged users. As this will break many things, it is disabled by default and can optionally be enabled by executing `systemctl enable hide-hardware-info.service` as root. -## Cold Boot Attack Defense - -Wiping RAM at shutdown to defeat cold boot attacks. - -Implemented as `dracut` module `cold-boot-attack-defense`. - -Requires `dracut`. In other words, RAM wipe is incompatible with systems -using `initramfs-tools`. To switch to, install dracut: - - sudo apt update - sudo apt install --no-install-recommends dracut - -`dracut` is intentionally not declared as a dependency of `security-misc` to -avoid making all of `security-misc` dependent on `dracut` only for the sake of -the wipe RAM at shutdown feature. Linux distribution such as Kicksecure are -advised to (and Kicksecure is planning to) install `dracut` instead of -`initramfs-tools` by default. - -Only tested on `systemd` enabled systems. - -User documentation: -https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense - -Design documentation: -https://www.kicksecure.com/wiki/Dev/RAM_Wipe - -Source code: - -* `/usr/lib/dracut/modules.d/40cold-boot-attack-defense` -* `/etc/default/grub.d/40_cold_boot_attack_defense.cfg` - ## miscellaneous * hardened malloc compatibility for haveged workaround