From 6faa050dd8d26bd6436688b32bbc7a6515f9cb14 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 9 Jan 2023 06:54:04 -0500 Subject: [PATCH] migrate ram-wipe to dedicated package --- README.md | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/README.md b/README.md index 0e1cf1b..33cb7d0 100644 --- a/README.md +++ b/README.md @@ -398,37 +398,6 @@ information that shouldn't be accessible to unprivileged users. As this will break many things, it is disabled by default and can optionally be enabled by executing `systemctl enable hide-hardware-info.service` as root. -## Cold Boot Attack Defense - -Wiping RAM at shutdown to defeat cold boot attacks. - -Implemented as `dracut` module `cold-boot-attack-defense`. - -Requires `dracut`. In other words, RAM wipe is incompatible with systems -using `initramfs-tools`. To switch to, install dracut: - - sudo apt update - sudo apt install --no-install-recommends dracut - -`dracut` is intentionally not declared as a dependency of `security-misc` to -avoid making all of `security-misc` dependent on `dracut` only for the sake of -the wipe RAM at shutdown feature. Linux distribution such as Kicksecure are -advised to (and Kicksecure is planning to) install `dracut` instead of -`initramfs-tools` by default. - -Only tested on `systemd` enabled systems. - -User documentation: -https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense - -Design documentation: -https://www.kicksecure.com/wiki/Dev/RAM_Wipe - -Source code: - -* `/usr/lib/dracut/modules.d/40cold-boot-attack-defense` -* `/etc/default/grub.d/40_cold_boot_attack_defense.cfg` - ## miscellaneous * hardened malloc compatibility for haveged workaround
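Review bot: The removed "## Cold Boot Attack Defense" section in README.md leaves no pointer to where the feature now lives, and the subject line "migrate ram-wipe to dedicated package" does not name that package. Readers who used this README for the wipe-RAM-at-shutdown feature lose the `dracut` requirement, the note that it is incompatible with `initramfs-tools`, and both documentation links (`https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense` and `https://www.kicksecure.com/wiki/Dev/RAM_Wipe`), with nothing in their place. Consider keeping a one- or two-line stub under the same heading that says the feature moved to a dedicated package and retains the user documentation link, and name the package in the commit message. Separately, the diffstat shows only README.md changed (31 deletions), while the removed text lists `/usr/lib/dracut/modules.d/40cold-boot-attack-defense` and `/etc/default/grub.d/40_cold_boot_attack_defense.cfg` as source code. If those files are dropped in a separate commit, reference it in the message so the README and the shipped files do not disagree in between, and so a user upgrading `security-misc` does not assume RAM is still wiped at shutdown when the module is no longer installed.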