mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-25 16:59:27 -05:00
migrate ram-wipe to dedicated package
This commit is contained in:
parent
ad5d0d4b12
commit
6faa050dd8
31
README.md
31
README.md
@ -398,37 +398,6 @@ information that shouldn't be accessible to unprivileged users. As this will
|
||||
break many things, it is disabled by default and can optionally be enabled by
|
||||
executing `systemctl enable hide-hardware-info.service` as root.
|
||||
|
||||
## Cold Boot Attack Defense
|
||||
|
||||
Wiping RAM at shutdown to defeat cold boot attacks.
|
||||
|
||||
Implemented as `dracut` module `cold-boot-attack-defense`.
|
||||
|
||||
Requires `dracut`. In other words, RAM wipe is incompatible with systems
|
||||
using `initramfs-tools`. To switch to, install dracut:
|
||||
|
||||
sudo apt update
|
||||
sudo apt install --no-install-recommends dracut
|
||||
|
||||
`dracut` is intentionally not declared as a dependency of `security-misc` to
|
||||
avoid making all of `security-misc` dependent on `dracut` only for the sake of
|
||||
the wipe RAM at shutdown feature. Linux distribution such as Kicksecure are
|
||||
advised to (and Kicksecure is planning to) install `dracut` instead of
|
||||
`initramfs-tools` by default.
|
||||
|
||||
Only tested on `systemd` enabled systems.
|
||||
|
||||
User documentation:
|
||||
https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense
|
||||
|
||||
Design documentation:
|
||||
https://www.kicksecure.com/wiki/Dev/RAM_Wipe
|
||||
|
||||
Source code:
|
||||
|
||||
* `/usr/lib/dracut/modules.d/40cold-boot-attack-defense`
|
||||
* `/etc/default/grub.d/40_cold_boot_attack_defense.cfg`
|
||||
|
||||
## miscellaneous
|
||||
|
||||
* hardened malloc compatibility for haveged workaround
|
||||
|
Loading…
Reference in New Issue
Block a user