Re: [Tails-dev] Memory Erasure Development

Author: intrigeri
Date:  
To: Harlan Lieberman-Berg
CC: tails-dev
Subject: Re: [Tails-dev] Memory Erasure Development

Hi!

Harlan Lieberman-Berg:
> intrigeri <intrigeri@???> writes:
>> No: Tails 3.0 (based on Debian Stretch) will be x86_64 only.


> Awesome! I've got one or two more bugs to crush, and I need to get
> final sign-off from my employer, but I'll reach out with the results of
> testing once I have all the ducks in a row.


What's the current status?

Our current implementation is working less well since we upgraded
Linux to 4.x, and apparently even worse on our Debian Stretch-based
ISOs: memory wipe works fine, but something weird happens in the
initramfs that breaks shutdown. So a more robust replacement would be
warmly welcome :)

However, we're looking into shipping a kernel with the grsecurity
patch, and sadly, the GRKERNSEC_KMEM feature removes support for
kexec. That feature is enabled in the Debian grsec kernels, and can't
be disabled at runtime if compiled in. Any thoughts about this?

Cheers,
--
intrigeri