Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks

[adrelanos]

Purpose of this pull request: Receiving some early feedback if this approach looks acceptable.

• Work in progress.
• Console output are yet to be improved and documentation written.
• Untested by me. Will test soon.
• Tests I am not sure yet how this could realistically be tested.

Changes

• Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)
• Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks.

Checklist

• I have tested it locally
• I have reviewed and updated any documentation if relevant
• I am providing new code and test(s) for it

Fixes #997

[pvalena]

@lnykryn WDYT?

[pvalena]

You should probably depend on this properly.

[pvalena]

This as well.

[adrelanos]

I didn't update this PR yet.

Meanwhile the code has developed a lot further . It is now being tested by me in Kicksecure. The required depend was already added.

I would very much like if dracut was interested to merge (upstream) this functionality.

Here's the code that I have so far:

• https://github.com/Kicksecure/security-misc/tree/master/usr/lib/dracut/modules.d/40cold-boot-attack-defense
• https://github.com/Kicksecure/security-misc/blob/master/usr/lib/dracut/modules.d/40cold-boot-attack-defense/module-setup.sh
• https://github.com/Kicksecure/security-misc/blob/master/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram-needshutdown.sh
• https://github.com/Kicksecure/security-misc/blob/master/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh

Design documentation:
https://www.kicksecure.com/wiki/Dev/RAM_Wipe

General user documentation on cold boot attacks:
https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense

A related issue is #1862 that's why I am currently using echo "..." > /dev/kmsg but that surely can be resolved.

Whatever seems required to upstream, I'd be happy to modify the code to the best of my abilities and/or licensing to accommodate dracut because I very much appreciate dracut and would like this feature to be easily, widely available. (Not only in Kicksecure.)

[stale]

This issue is being marked as stale because it has not had any recent activity. It will be closed if no further activity occurs. If this is still an issue in the latest release of Dracut and you would like to keep it open please comment on this issue within the next 7 days. Thank you for your contributions.

[LaszloGombos]

Closing in favor of #2471 as it seem #2471 does not need a new dependency.

Please reopen if I misunderstood.

[adrelanos]

Wiping all the RAM is different only clean LUKS unmount.

ram-wipe is now implemented as a separate package:

• https://github.com/Kicksecure/ram-wipe
• https://www.kicksecure.com/wiki/ram-wipe
• https://www.kicksecure.com/wiki/Dev/RAM_Wipe

I'd be happy if dracut was interested in this, picking this up but upstreaming seems quite difficult for me.

Effective ram-wipe however depends on #2471 which will help a ton.