{{Header}}
{{#seo:
|description=Implementation notes.
}}
{{title|title=
Cold Boot Attack Defense - Archived RAM Wipe Development Notes
}}
'''Archived!'''
<u>'''Superseded by [[Dev/RAM Wipe]]!'''</u>
= Old RAM Wipe Development Notes =
== cryptsetup-suspend ==
* https://manpages.debian.org/cryptsetup-suspend
* https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=cryptsetup-suspend
* Its in [https://packages.debian.org/bookworm/cryptsetup-suspend Debian bookworm]
* https://salsa.debian.org/mejo/cryptsetup-suspend/-/blob/suspend/debian/control

(Bold added.)

<blockquote>
Package: cryptsetup-suspend
[...]
Description: disk encryption support - suspend mode integration
 Cryptsetup provides an interface for configuring encryption on block
 devices (such as /home or swap partitions), using the Linux kernel
 device mapper target dm-crypt. It features integrated Linux Unified Key
 Setup (LUKS) support.
 .
 This package provides suspend mode integration for cryptsetup. '''It takes'''
 '''care of removing LUKS master key from memory before system suspend.'''
 .
 Please note that the supsend mode integration is limited to LUKS devices
 and requires systemd.
</blockquote>

* https://archive.fosdem.org/2020/schedule/event/dip_close_lid_encrypt/attachments/slides/3946/export/events/attachments/dip_close_lid_encrypt/slides/3946/cryptsetup_fosdem.pdf
* https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/experimental/debian/scripts/suspend/cryptsetup-suspend.c
* https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/experimental/debian/scripts/suspend/cryptsetup-suspend-wrapper
* https://packages.debian.org/experimental/amd64/cryptsetup-suspend/filelist

== Potential cryptsetup-suspend Security Issue ==
Might not suspend and wipe cryptsetup key.

<blockquote>Not enough memory available. Please close some programs or add swap space to suspend successfully.</blockquote>

[https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/experimental/debian/scripts/suspend/cryptsetup-suspend-wrapper <code>/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper</code>]

<pre>
        if [ $((MemAvailable+SwapFree)) -lt $((300*1024*1024)) ]; then
            log_error "Not enough memory available. Please close some programs or add swap space to suspend successfully."
            exit 1
        fi
</pre>

== cryptsetup ==

Quote [https://manpages.debian.org/cryptsetup <code>cryptsetup luksSuspend</code>, <code>cryptsetup close</code> (previously <code>cryptsetup lukseClose</code>) man page]. (Bold added.)

<blockquote>luksSuspend

suspends active device (all IO operations are frozen) and '''wipes encryption key from kernel'''.</blockquote>

<blockquote>close

Removes the existing mapping <name> and '''wipes the key from kernel memory'''.</blockquote>

Does <code>systemd</code> run <code>cryptsetup luksSuspend</code>, <code>cryptsetup close</code> or <code>cryptsetup lukseClose</code> on the root device and thereby wipe the cryptsetup encryption key from kernel memory?

Quote https://www.freedesktop.org/software/systemd/man/systemd-halt.service.html

<blockquote>When these services are run, they ensure that PID 1 is replaced by the /usr/lib/systemd/systemd-shutdown tool which is then responsible for the actual shutdown. Before shutting down, this binary will try to unmount all remaining file systems, disable all remaining swap devices, detach all remaining storage devices and kill all remaining processes.</blockquote>

* https://manpages.debian.org/systemd-shutdown
* https://github.com/systemd/systemd/blob/master/src/shutdown/shutdown.c
** mentions <code>need_dm_detach</code>, <code>dm_detach_all</code>
*** https://github.com/systemd/systemd/blob/master/src/shutdown/umount.c#L815 implements <code>dm_detach_all</code>
**** https://lists.freedesktop.org/archives/systemd-devel/2012-June/005443.html might imply that <code>dm_detach_all</code> refers to <code>dm-crypt</code>

<code>/lib/cryptsetup/cryptdisks-functions</code>

<pre>
# Removes all mappings in crypttab, except the ones holding the root
# file system or /usr
do_stop() {
</pre>

== systemd ==
* systemd feature request: [https://github.com/systemd/systemd/issues/5794 <code>cryptsetup luksSuspend</code> (wipes encryption key from kernel) on suspend]
* systemd feature request: [https://github.com/systemd/systemd/issues/17887 Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks]
* https://www.freedesktop.org/software/systemd/man/systemd-cryptsetup@.service.html
* https://www.freedesktop.org/software/systemd/man/crypttab.html
* https://systemd.io/INITRD_INTERFACE/
* https://systemd.io/ROOT_STORAGE_DAEMONS/

== initramfs ==
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778849

== Inspiration ==
* https://github.com/vianney/arch-luks-suspend
* https://github.com/nailfarmer/debian-luks-suspend/
* https://waaaaargh.github.io/gnu&linux/2013/08/06/lukssuspend-with-encrypted-root-on-archlinux/

= Forum Discussion =
https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596

<references/>

{{Footer}}

[[Category: Design]]
[[Category: Development]]