Checking job queue instead of dbus

2024-12-23 01:33:35 +07:00 · 2023-01-06 21:32:57 -05:00 · 2023-01-06 21:32:57 -05:00 · 7cf51a1b43
commit 7cf51a1b43
parent 4b7053a635
3 changed files with 29 additions and 21 deletions
--- a/lib/systemd/system/cold-boot-attack-defense-kexec-prepare.service
+++ b/lib/systemd/system/cold-boot-attack-defense-kexec-prepare.service
@ -7,6 +7,7 @@ Description=https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense

 [Service]
 Type=oneshot
+RemainAfterExit=yes
 ExecStart=/bin/true
 ExecStop=/usr/libexec/security-misc/cold-boot-attack-defense-kexec-prepare

--- a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram-needshutdown.sh
+++ b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram-needshutdown.sh
@ -15,6 +15,10 @@ ram_wipe_check_needshutdown() {
   if [ "$wipe_action" = "reboot" ]; then
      reboot -f
   fi
+   
+   if [ "$wipe_action" = "kexec" ]; then
+      reboot -f
+   fi

   if [ "$wipe_action" = "poweroff" ]; then
      poweroff -f
@ -23,6 +27,12 @@ ram_wipe_check_needshutdown() {
   if [ "$wipe_action" = "halt" ]; then
      halt -f
   fi
+   
+   if [ "$wipe_action" = "error" ]; then
+	   echo "Choice of shutdown option led to an error. Shutting down..."
+	   sleep 5
+	   poweroff -f
+   fi
 }

 ram_wipe_check_needshutdown
--- a/usr/libexec/security-misc/cold-boot-attack-defense-kexec-prepare
+++ b/usr/libexec/security-misc/cold-boot-attack-defense-kexec-prepare
@ -30,26 +30,23 @@ else
 fi


-dbus-monitor --system  |
-    while read -r line; do
-         if [[ $line =~ .*"poweroff.target".* ]]; then
-	    kexec -l $kernel --initrd=$initrd --reuse-cmdline --append="wiperamexit=yes wiperamaction=poweroff"
-	    break
-	 fi
+if   systemctl list-jobs | grep "poweroff.target" | grep -q "start"; then
+	wram="yes"
+	wact="poweroff"
+elif systemctl list-jobs | grep "reboot.target" | grep -q "start"; then
+	wram="yes"
+	wact="reboot"
+elif systemctl list-jobs | grep "halt.target" | grep -q "start"; then
+	wram="yes"
+	wact="halt"
+elif systemctl list-jobs | grep "kexec.target" | grep -q "start"; then
+	wram="yes"
+	wact="kexec"
+else
+	echo "Error no shutdown option found!"
+	wram="yes"
+	wact="error"
+fi

-         if [[ $line =~ .*"reboot.target".* ]]; then
-	    kexec -l $kernel --initrd=$initrd --reuse-cmdline --append="wiperamexit=yes wiperamaction=reboot"
-	    break
-	 fi
-	 
-	 if [[ $line =~ .*"halt.target".* ]]; then
-	    kexec -l $kernel --initrd=$initrd --reuse-cmdline --append="wiperamexit=yes wiperamaction=halt"
-	    break
-	 fi
-         
-	 if [[ $line =~ .*"kexec.target".* ]]; then
-	    kexec -l $kernel --initrd=$initrd --reuse-cmdline --append="wiperamexit=yes wiperamaction=reboot"
-	    break
-	 fi
-    done
+kexec -l /boot/vmlinuz-$(uname -r) --initrd=/boot/initrd.img-$(uname -r) --reuse-cmdline --append="wiperamexit=$wram wiperamaction=$wact"