From c0b5fea6806ea07b667a341b2400aacb7191b27f Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Sat, 7 Jan 2023 15:59:52 -0500
Subject: [PATCH] protect against wipe RAM reboot loop
---
 .../modules.d/40cold-boot-attack-defense/wipe-ram.sh | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
index a3f432c..ef0ac06 100755
--- a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
+++ b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
@@ -36,6 +36,12 @@ ram_wipe() {
 fi
 fi
+ kernel_wiperamexit_setting=$(getarg wiperamexit)
+ if [ "$kernel_wiperamexit_setting" = "yes" ]; then
+ warn "wipe-ram.sh: Skip, because wiperamexit=yes to avoid RAM wipe reboot loop."
+ return 0
+ fi
+
 info "wipe-ram.sh: Cold boot attack defense... Starting RAM wipe on shutdown..."
 drop_caches
@@ -73,6 +79,7 @@ dmsetup_actual_output: '$dmsetup_actual_output'"
 sleep 5
 fi
+ info "wipe-ram.sh: Now running kexec --exec..."
 if kexec --exec ; then
 info "wipe-ram.sh: kexec --exec succeeded."
 return 0
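Review bot: The new `wiperamexit=yes` early return in ram_wipe() carries no comment saying who is expected to set that parameter, and nothing in this one-file patch sets it. Presumably it is appended to the command line of the kernel that is loaded for kexec; if it ever ends up in the persistent bootloader configuration, the cold boot attack defense is skipped on every shutdown with only a `warn` line and a `return 0`. I would add a comment above the check, for example `## wiperamexit=yes is meant to be passed only to the kexec'd wipe kernel; setting it in the bootloader config disables the RAM wipe.`, and document the parameter next to `wiperam=skip` / `wiperam=force`. ram_wipe() begins and ends outside the hunk, so whether the other settings variables are declared `local` (and this one should be too) cannot be checked from here.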