Hi! I experimented with yet another approach to improve the situation of our memory wiping mechanism. Maybe all we needed to fix the current process was 0f1f476d, but well...
So, here it is, in the `feature/hugetlb_mem_wipe` branch. It keeps a Linux+initramfs+userland program approach, but it does so with a little hand-crafted C program. That piece of software uses mmap and hugetlb and some Linux vm tricks to wipe as much as possible. And for an added bonus, with a progress bar. See the commit message for more details. If have successfully tested that code in a VM with more than 4 GB memory and it looks like it works. I was not able to properly analyze the memory with that much bytes, though. I'll be happy if someone could do so more testing in >= 4 GB conditions as I am lacking the necessary hardware at the moment. I'd be interested in knowing how this branch compares with the current state of devel, both in time and on how much memory is actually overwritten. Provided a little more feedback, this could go in 0.14. We can always revert if rc1 proves it deficient. -- Ague
pgpiheeLRtdk9.pgp
Description: PGP signature
_______________________________________________ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev