Is RAM Wipe possible inside Whonix? Cold Boot Attack Defense

secure-delete* package name in debian (sdmem: secure-delete memory)

Wipe mode is secure (38 special passes)
Using /dev/urandom for random input.

real 1m40.819s
user 0m0.072s
sys 0m0.163s

Wipe mode is insecure (one pass with 0x00)

real 0m0.503s
user 0m0.008s
sys 0m0.089s

Happen to me, i opened xfce-terminal and start moving it right and left until the screen freezed permanently (play for less than 3 minutes with anything like browse some stuff and open close terminal…).

1 Like

Huge progress has been made.

Implemented by dracut module cold-boot-attack-defense (by security-misc).

Will in near future be available for Kicksecure hosts. Should be easy to port to other Linux distributions.

See design documentation, review welcome:

More documentation, call for testers coming in near future.

1 Like

Future design (additional kexec based RAM wipe) has been elaborated:

I’ll try to assign this task to implement also the future design to a contractor. Hopefully there will be a good news soon.

[systemd-devel] What is the shutdown sequence with systemd and dracut?

Migration from GitHub - Kicksecure/security-misc: Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - to

is in process.

This was done.

This was implemented.

ram-wipe wipes the RAM twice during poweroff/reboot.

  • 1. RAM Wipe Pass 1/2: During poweroff/reboot.
  • 2. RAM Wipe Pass 2/2: It kexec’s into a new kernel for the purpose of overwriting the first kernel’s memory and performs a second ram wipe pass.

A dedicated user documentation wiki page has been created:

If the following feature request gets implemented in memtest86+ that might result in a major security improvement for ram-wipe:

SecureBoot related issues have been fixed.

This is now in all repositories.