## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## NOTE: ## This configuration is in a dedicated file because the ram-wipe package ## requires kexec. However, ram-wipe cannot ship a config file ## /etc/sysctl.d/40_ram-wipe.conf that sets 'kernel.kexec_load_disabled=0'. ## Once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1', ## it cannot be undone without a reboot. This is an upstream Linux security feature. ## Instead, ram-wipe will config-package-dev 'hide' this file. ## Disables kexec, which can be used to replace the running kernel. ## Useful for live kernel patching without rebooting. ## ## https://en.wikipedia.org/wiki/Kexec ## ## KSPP=yes ## KSPP sets the sysctl and does not set CONFIG_KEXEC. ## kernel.kexec_load_disabled=1