Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• How-To-Secu...up-Shutdown

This page collects detailed discussion and possible solutions to the problem described here.

Discussion

calestyo:

I guess we cannot simply "force" the kernel to remove the keys while we're still shutting down, I mean even '''after''' remount,ro the root-filesystem. Because then we wouldn't be able anymore to read further files from the root-filesystem (like the next init-scripts or halt/shutdown binaries.

Another problem is, that for really security, all RAM, caches, etc. that could hold sensitive data must be wiped, too. Otherwise at least that could leak.

No only in case of shutdown/reboot we must take care on security with dm-crypt,... but perhaps also on kexec, and even others?

Solutions

Let the kernel remove any keys shortly before halt/reboot

One solution could be (??): really just before the kernel reboots/halts, wipe any keys from the RAM. At this stage, no more reads/writes should occur anyway.

This alone does also not solve the issue, that the whole RAM/cache/etc. should be also wiped.

Invent Un-Initramfs Images

One could do the opposite of initramfs images. Then the root-filesystem could be really unmounted, and the remaining block devices/layers could be really closed cleanly.

This alone does also not solve the issue, that the whole RAM/cache/etc. should be also wiped.