mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-24 14:39:28 -05:00
migrate to ram-wipe package
This commit is contained in:
parent
3867acf723
commit
87c4e77c01
3
debian/security-misc.maintscript
vendored
3
debian/security-misc.maintscript
vendored
@ -37,3 +37,6 @@ rm_conffile /etc/modprobe.d/30_nf_conntrack_helper_disable.conf
|
|||||||
|
|
||||||
## renamed to /etc/security/limits.d/30_security-misc.conf
|
## renamed to /etc/security/limits.d/30_security-misc.conf
|
||||||
rm_conffile /etc/security/limits.d/disable-coredumps.conf
|
rm_conffile /etc/security/limits.d/disable-coredumps.conf
|
||||||
|
|
||||||
|
## moved to separate package ram-wipe
|
||||||
|
/etc/default/grub.d/40_cold_boot_attack_defense.cfg
|
||||||
|
@ -1,29 +0,0 @@
|
|||||||
## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
|
||||||
## See the file COPYING for copying conditions.
|
|
||||||
|
|
||||||
## Wiping RAM at shutdown to defeat cold boot attacks.
|
|
||||||
##
|
|
||||||
## RAM wipe is enabled by default on host operating systems, real hardware.
|
|
||||||
## RAM wipe is disabled by in virtual machines (VMs).
|
|
||||||
##
|
|
||||||
## Most users should not make any modifications to this config file because
|
|
||||||
## there is no need for that.
|
|
||||||
##
|
|
||||||
## User documentation:
|
|
||||||
## https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense
|
|
||||||
##
|
|
||||||
## Design documentation:
|
|
||||||
## https://www.kicksecure.com/wiki/Dev/RAM_Wipe
|
|
||||||
|
|
||||||
## RAM wipe is omitted in virtual machines (VMs) by default because it is
|
|
||||||
## unclear if that could actually lead to the host operating system using
|
|
||||||
## swap. Through use of kernel parameter wiperam=force it is possible to
|
|
||||||
## force RAM wipe inside VMs which is useful for testing, development purposes.
|
|
||||||
## There is no additional security benefit by the wiperam=force setting
|
|
||||||
## for host operating systems.
|
|
||||||
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=force"
|
|
||||||
|
|
||||||
## Kernel parameter wiperam=skip is provided to support disabling RAM wipe
|
|
||||||
## at shutdown, which might be useful to speed up shutdown or in case should
|
|
||||||
## there ever be issues.
|
|
||||||
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=skip"
|
|
Loading…
Reference in New Issue
Block a user