- Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks

- Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.) Thanks to @friedy10! https://github.com/friedy10/dracut/tree/master/modules.d/40sdmem https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596
2025-07-13 17:29:47 +07:00 · 2022-06-29 09:32:55 -04:00
parent adca1ebdf6
commit 38cdf2722b
4 changed files with 30 additions and 1 deletions
--- a/usr/lib/dracut/modules.d/40sdmem-security-misc/wipe.sh
+++ b/usr/lib/dracut/modules.d/40sdmem-security-misc/wipe.sh
@ -0,0 +1,5 @@
+echo "Checking for mounted disks..."
+dmsetup ls --target crypt
+echo "WIPE RAM!"
+/bin/sdmem -f
+echo "WIPE DONE!"