## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## Wiping RAM at shutdown to defeat cold boot attacks.
##
## RAM wipe is enabled by default on host operating systems, real hardware.
## RAM wipe is disabled by in virtual machines (VMs).
##
## Most users should not make any modifications to this config file because
## there is no need for that.
##
## User documentation:
## https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense
##
## Design documentation:
## https://www.kicksecure.com/wiki/Dev/RAM_Wipe

## RAM wipe is omitted in virtual machines (VMs) by default because it is
## unclear if that could actually lead to the host operating system using
## swap. Through use of kernel parameter wiperam=force it is possible to
## force RAM wipe inside VMs which is useful for testing, development purposes.
## There is no additional security benefit by the wiperam=force setting
## for host operating systems.
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=force"

## Kernel parameter wiperam=skip is provided to support disabling RAM wipe
## at shutdown, which might be useful to speed up shutdown or in case should
## there ever be issues.
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=skip"