From 1ce7b27297bce446fb5726eba1cbb0cd3746fa85 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Wed, 29 Jun 2022 16:23:12 -0400
Subject: [PATCH] improvement
---
 .../40cold-boot-attack-defense/wipe-ram.sh | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
index 47e4777..7722bd7 100755
--- a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
+++ b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
@@ -12,6 +12,7 @@ ram_wipe() {
 local OLD_DRACUT_QUIET
 OLD_DRACUT_QUIET="$DRACUT_QUIET"
+ ## check_quiet should show info in console.
 DRACUT_QUIET='no'
 info "$0: Checking if there are still mounted encrypted disks..."
@@ -35,15 +36,23 @@ dmsetup_actual_output: '$dmsetup_actual_output'"
 info "$0: Starting RAM wipe..."
+ ## - If DRACUT_QUIET previously was set to '', reset to '' for auto detection by check_quiet.
+ ## - If DRACUT_QUIET previously was set to 'no', reset to 'no' for verbose output.
+ ## - If DRACUT_QUIET previously was set to 'yes', reset to 'yes' to hide sdmem output,
+ ## as well as the oom killing at the end.
+ DRACUT_QUIET="$OLD_DRACUT_QUIET"
+
 ## TODO: sdmem settings. One pass only. Secure? Configurable?
 sdmem -l -l -f
+ ## Reset to DRACUT_QUIET='no' so info messages can be shown.
+ DRACUT_QUIET='no'
+
 info "$0: RAM wipe completed, OK."
+ info "$0: END: COLD BOOT ATTACK DEFENSE - RAM WIPE ON SHUTDOWN"
 ## Restore to previous value.
 DRACUT_QUIET="$OLD_DRACUT_QUIET"
-
- info "$0: END: COLD BOOT ATTACK DEFENSE - RAM WIPE ON SHUTDOWN"
 sleep 3
 }
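Review bot: In the second hunk, `info "$0: RAM wipe completed, OK."` is printed no matter how `sdmem -l -l -f` ended, so a missing or non-executable sdmem in the initramfs would still be reported as a successful wipe. Because the new comment says an OOM kill at the end is expected, a plain non-zero test is not enough; I would save the status right after the call with `sdmem_exit_code="$?"` and report a failure instead of OK when it is 126 or 127. Separately, the comment says DRACUT_QUIET='yes' hides sdmem output, but nothing visible in this hunk redirects sdmem's stdout or stderr, so that claim should be confirmed or the call given an explicit redirect. ram_wipe starts above this hunk, so whether the script runs under `set -e` cannot be seen from here.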