Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks

Open adrelanos opened this issue 3 years ago • 2 comments

Purpose of this pull request: Receiving some early feedback if this approach looks acceptable.

  • Work in progress.
  • Console output is yet to be improved and documentation written.
  • Untested by me. Will test soon.
  • Tests: I am not sure yet how this could realistically be tested.

Changes

  • Confirm in console output if encrypted mounts (root disk) are unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)
  • Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks.

Checklist

  • [ ] I have tested it locally
  • [ ] I have reviewed and updated any documentation if relevant
  • [ ] I am providing new code and test(s) for it

Fixes #997

adrelanos, Jun 29 '22 11:06
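The pre-condition named in the first change above (no encrypted mapping left before the key can be considered gone) can be checked as follows. This is an added example, not code from the PR, dracut or Kicksecure; the function names, the log prefix and the sample mapping name are assumptions made here.

```shell
#!/bin/sh
# Added example: report whether any dm-crypt (LUKS) mapping is still active.
# While a mapping exists, its volume key is still held by the kernel.

# Constructed sample of `dmsetup ls --target crypt` output: name, tab, (major:minor).
SAMPLE_ACTIVE=$(printf 'luks-constructed-root\t(253:0)\nluks-constructed-swap\t(253:1)')

# Print the mapping names found in dmsetup output passed as $1.
# dmsetup prints the literal line "No devices found" when nothing matches.
crypt_mappings_from_output() {
    printf '%s\n' "$1" | awk 'NF && $0 != "No devices found" { print $1 }'
}

# Return 0 only if no crypt mapping remains; otherwise log each one, return 1.
# $2 is the log target (hypothetical parameter; /dev/kmsg as in the thread).
luks_key_wipe_precondition() {
    output=$1
    log=${2:-/dev/kmsg}
    remaining=$(crypt_mappings_from_output "$output")
    if [ -z "$remaining" ]; then
        echo "cold-boot-defense: no dm-crypt mappings active" >> "$log"
        return 0
    fi
    for name in $remaining; do
        echo "cold-boot-defense: dm-crypt mapping still active: $name" >> "$log"
    done
    return 1
}

# Live check for a shutdown hook (needs root). Returns 2 if dmsetup itself
# fails, so an empty result from a failed call is never read as "all clear".
check_live_crypt_mappings() {
    out=$(dmsetup ls --target crypt 2>/dev/null) || return 2
    luks_key_wipe_precondition "$out" "${1:-/dev/kmsg}"
}
```
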

@lnykryn WDYT?

pvalena, Jul 26 '22 09:07

I didn't update this PR yet.

Meanwhile the code has developed a lot further. It is now being tested by me in Kicksecure. The required dependency was already added.

I would very much like it if dracut was interested in merging (upstream) this functionality.

Here's the code that I have so far:

  • https://github.com/Kicksecure/security-misc/tree/master/usr/lib/dracut/modules.d/40cold-boot-attack-defense
  • https://github.com/Kicksecure/security-misc/blob/master/usr/lib/dracut/modules.d/40cold-boot-attack-defense/module-setup.sh
  • https://github.com/Kicksecure/security-misc/blob/master/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram-needshutdown.sh
  • https://github.com/Kicksecure/security-misc/blob/master/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh

Design documentation: https://www.kicksecure.com/wiki/Dev/RAM_Wipe

General user documentation on cold boot attacks: https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense

A related issue is https://github.com/dracutdevs/dracut/issues/1862; that's why I am currently using echo "..." > /dev/kmsg, but that surely can be resolved.

Whatever seems required to upstream, I'd be happy to modify the code to the best of my abilities and/or licensing to accommodate dracut because I very much appreciate dracut and would like this feature to be easily, widely available. (Not only in Kicksecure.)

adrelanos, Jul 28 '22 14:07

This issue is being marked as stale because it has not had any recent activity. It will be closed if no further activity occurs. If this is still an issue in the latest release of Dracut and you would like to keep it open please comment on this issue within the next 7 days. Thank you for your contributions.

stale[bot], Aug 31 '22 11:08

Closing in favor of https://github.com/dracutdevs/dracut/pull/2471 as it seems https://github.com/dracutdevs/dracut/pull/2471 does not need a new dependency.

Please reopen if I misunderstood.

LaszloGombos, Aug 05 '23 16:08

Wiping all the RAM is different from only a clean LUKS unmount.

ram-wipe is now implemented as a separate package:

  • https://github.com/Kicksecure/ram-wipe
  • https://www.kicksecure.com/wiki/ram-wipe
  • https://www.kicksecure.com/wiki/Dev/RAM_Wipe

I'd be happy if dracut was interested in this and picked this up, but upstreaming seems quite difficult for me.

Effective ram-wipe however depends on https://github.com/dracutdevs/dracut/pull/2471 which will help a ton.

adrelanos, Aug 05 '23 16:08