add /etc/default/grub.d/40_cold_boot_attack_defense.cfg

2025-01-11 21:09:28 -05:00 · 2022-07-05 10:28:22 -04:00 · 2022-07-05 10:28:22 -04:00 · b342ce930e
commit b342ce930e
parent 69af8be7b8
1 changed files with 17 additions and 0 deletions
--- a/etc/default/grub.d/40_cold_boot_attack_defense.cfg
+++ b/etc/default/grub.d/40_cold_boot_attack_defense.cfg
@ -0,0 +1,17 @@
+## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+## RAM wipe is enabled by default on real hardware / bare metal.
+## RAM wipe is disabled by in virtual machines (VMs).
+## https://www.kicksecure.com/wiki/Dev/RAM_Wipe
+
+## RAM wipe is omitted in virtual machines (VMs) by default because it is
+## unclear if that could actually lead to the host operating system using
+## swap. Through use of kernel parameter wiperam=force it is possible to
+## force RAM wipe inside VMs which is useful for testing, development purposes.
+#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=force"
+
+## Kernel parameter wiperam=skip is provided to support disabling RAM wipe
+## at shutdown, which might be useful to speed up shutdown or in case should
+## there ever be issues.
+#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=skip"