mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-01-09 22:57:53 +07:00
34 lines
932 B
Bash
Executable File
34 lines
932 B
Bash
Executable File
#!/bin/sh
|
|
|
|
ram_wipe() {
|
|
info "$0: START: COLD BOOT ATTACK DEFENSE - RAM WIPE ON SHUTDOWN"
|
|
|
|
info "$0: Checking if there are still mounted encrypted disks..."
|
|
|
|
local dmsetup_actual_output dmsetup_expected_output
|
|
dmsetup_actual_output="$(dmsetup ls --target crypt)"
|
|
dmsetup_expected_output="No devices found"
|
|
|
|
if [ "$dmsetup_actual_output" = "$dmsetup_expected_output" ]; then
|
|
info "$0: Success, there are no more mounted encrypted disks, OK."
|
|
else
|
|
warn "\
|
|
$0: There are still mounted encrypted disks! RAM wipe failed!
|
|
|
|
debugging information:
|
|
dmsetup_expected_output: '$dmsetup_expected_output'
|
|
dmsetup_actual_output: '$dmsetup_actual_output'"
|
|
return 0
|
|
fi
|
|
|
|
info "$0: Starting RAM wipe..."
|
|
|
|
## TODO: sdmem settings. One pass only. Secure? Configurable?
|
|
sdmem -l -l -f
|
|
|
|
info "$0: RAM wipe completed, OK."
|
|
info "$0: END COLD BOOT ATTACK DEFENSE - RAM WIPE ON SHUTDOWN"
|
|
}
|
|
|
|
ram_wipe
|