erase_memory.feature 3.89 KB
@product
Feature: System memory erasure on shutdown
  As a Tails user
  when I shut down Tails
  I want the system memory to be free from sensitive data.

# These tests rely on the Linux kernel's memory poisoning features.
# The feature is called "on shutdown" as this is the security guarantee
# we document, but in practice we test that some important bits of memory
# are erased _before_ shutdown, while for some others we really test
# behavior at shutdown time.

  Scenario: Erasure of memory freed by killed userspace processes
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I start a process allocating 128 MiB of memory with a known pattern
    Then patterns cover at least 128 MiB in the guest's memory
    When I kill the allocating process
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of tmpfs data on unmount
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    And I find very few patterns in the guest's memory
    When I mount a 128 MiB tmpfs on "/mnt" and fill it with a known pattern
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount "/mnt"
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of read and write disk caches on unmount: vfat
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I plug and mount a 128 MiB USB drive with a vfat filesystem
    Then I find very few patterns in the guest's memory
    # write cache
    When I fill the USB drive with a known pattern
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory
    # read cache
    When I mount the USB drive again
    And I read the content of the test FS
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of read and write disk caches on unmount: LUKS-encrypted ext4
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I plug and mount a 128 MiB USB drive with an ext4 filesystem encrypted with password "asdf"
    Then I find very few patterns in the guest's memory
    # write cache
    When I fill the USB drive with a known pattern
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory
    # read cache
    When I mount the USB drive again
    And I read the content of the test FS
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of the overlayfs read-write branch on shutdown
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I fill a 128 MiB file with a known pattern on the root filesystem
    # ensure the pattern is in memory due to tmpfs, not to disk cache
    And I drop all kernel caches
    Then patterns cover at least 128 MiB in the guest's memory
    When I trigger shutdown
    And I wait 20 seconds
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of read and write disk caches of persistent data on shutdown
    Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
    And I prepare Tails for memory erasure tests
    When I fill a 128 MiB file with a known pattern on the persistent filesystem
    When I trigger shutdown
    And I wait 20 seconds
    Then I find very few patterns in the guest's memory
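
Added example, not part of the Tails test suite: one way the "patterns cover at least ..." and "I find very few patterns" checks in the scenarios above could be evaluated against a guest memory dump, by counting a known marker across chunk boundaries. The marker string, the `max_ratio` threshold, the helper names and the sample dumps are all assumptions constructed for illustration.

```ruby
require 'stringio'

# Constructed 16-byte marker; the suite's real pattern is not shown on this page.
PATTERN = "KNOWN-PATTERN-0\n".b

# Count non-overlapping occurrences of pattern in a dump read in chunks,
# including occurrences that straddle a chunk boundary.
def count_pattern(io, pattern, chunk_size = 1 << 20)
  count = 0
  carry = ''.b
  while (chunk = io.read(chunk_size))
    buf = carry + chunk.b
    pos = 0
    while (hit = buf.index(pattern, pos))
      count += 1
      pos = hit + pattern.bytesize
    end
    # Keep only bytes that could still start a match completed by the next chunk.
    keep_from = [pos, buf.bytesize - (pattern.bytesize - 1)].max
    carry = buf.byteslice(keep_from, buf.bytesize) || ''.b
  end
  count
end

# Bytes of the dump occupied by intact copies of the pattern.
def coverage_bytes(io, pattern, chunk_size = 1 << 20)
  count_pattern(io, pattern, chunk_size) * pattern.bytesize
end

# "patterns cover at least N" (ratio 0.99 for the filesystem scenarios).
def covers_at_least?(io, pattern, expected_bytes, ratio = 1.0)
  coverage_bytes(io, pattern) >= expected_bytes * ratio
end

# "very few patterns": leftover coverage under max_ratio of what was filled.
# max_ratio is an assumed threshold, not a value taken from the page.
def very_few_patterns?(io, pattern, filled_bytes, max_ratio = 0.005)
  coverage_bytes(io, pattern) <= filled_bytes * max_ratio
end

# Constructed sample dumps (64 KiB fill instead of 128 MiB so it runs instantly).
FILLED = 64 * 1024
noise = "\x00".b * 4096
BEFORE = noise + PATTERN * (FILLED / PATTERN.bytesize) + noise
# After erasure: the filled region is zeroed, with three stray copies left behind.
AFTER = noise + "\x00".b * (FILLED - 48) + PATTERN * 3 + noise
```

Counting with a carry buffer matters on a real dump: reading in fixed-size chunks without it undercounts every marker that crosses a chunk boundary and can make an unerased region look cleaner than it is.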