Hi,
(Now Cc'ing tails-dev mailing list.)
coderman wrote (12 Jan 2011 12:06:05 GMT) :
> however, more than just wipe at shutdown is useful.
Ack. On second thought, it appears to me the current T(A)ILS "wipe
memory on shutdown" implementation does not necessarily protect
against the attacks that t
Hi,
This thread on or-talk made me discover a way that might be interesting to
implement to actually wipe encrypted disks key material.
When you luksClose a disk/volume, its key material is forgotten by the
kernel, but still in memory (if I understood how it works). But it seems
that in the kern
Hi,
berta...@ptitcanardnoir.org wrote (13 Jan 2011 12:29:22 GMT) :
> When you luksClose a disk/volume, its key material is forgotten by
> the kernel, but still in memory (if I understood how it works). But
> it seems that in the kernel the code to wipe a key material is
> already there, and used
On Fri, Jan 14, 2011 at 12:26:13AM +0100, intrigeri wrote:
> Hi,
>
> > Still, if the kexec method doesn't help in wiping key material, I
> > suppose writing a very simple wrapper to cryptsetup that uses
> > luksSuspend then luksClose when cryptsetup is called to luksClose an
> > encrypted disk might
hi,
berta...@ptitcanardnoir.org wrote (14 Jan 2011 14:41:57 GMT) :
> This is surely a big enhancement over our previous implementation,
> nice you're working on it.
pushed to devel branch.
I only tested in KVM+ISO, needs to be tested on bare-metal {CD, USB}.
> On that subject, I realized this mo
Hi,
intrigeri wrote (13 Jan 2011 11:37:51 GMT) :
>> explicit ordered zeroisation is handy. (starting with keys and key
>> schedules, working cipher state, then on to user data, before
>> completing a full pass or three. this takes a smart kexec or other
>> ham fisted - still worth the effort.)
>