mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-29 12:26:10 -05:00
30 lines
1.3 KiB
INI
30 lines
1.3 KiB
INI
## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## Wiping RAM at shutdown to defeat cold boot attacks.
|
|
##
|
|
## RAM wipe is enabled by default on host operating systems, real hardware.
|
|
## RAM wipe is disabled by in virtual machines (VMs).
|
|
##
|
|
## Most users should not make any modifications to this config file because
|
|
## there is no need for that.
|
|
##
|
|
## User documentation:
|
|
## https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense
|
|
##
|
|
## Design documentation:
|
|
## https://www.kicksecure.com/wiki/Dev/RAM_Wipe
|
|
|
|
## RAM wipe is omitted in virtual machines (VMs) by default because it is
|
|
## unclear if that could actually lead to the host operating system using
|
|
## swap. Through use of kernel parameter wiperam=force it is possible to
|
|
## force RAM wipe inside VMs which is useful for testing, development purposes.
|
|
## There is no additional security benefit by the wiperam=force setting
|
|
## for host operating systems.
|
|
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=force"
|
|
|
|
## Kernel parameter wiperam=skip is provided to support disabling RAM wipe
|
|
## at shutdown, which might be useful to speed up shutdown or in case should
|
|
## there ever be issues.
|
|
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=skip"
|