Commit 2ce09056 authored by Tails developers's avatar Tails developers
Browse files

Revert "Use Linux kernel's memtest=2 instead of the limited sdmem to wipe memory."

This reverts commit 34daa6f0.

Conflicts:
	config/chroot_local-hooks/52-update-rc.d
	config/chroot_local-includes/etc/default/kexec
	config/chroot_local-includes/etc/init.d/tails-reconfigure-kexec
	config/chroot_local-includes/etc/init.d/tails-sdmem-on-media-removal
parent 4fb1258e
......@@ -7,7 +7,7 @@ tails-detect-virtualization
tails-kexec
tails-reconfigure-kexec
tails-reconfigure-memlockd
tails-wipe-memory-on-media-removal
tails-sdmem-on-media-removal
"
PATCHED_INITSCRIPTS="
......
......@@ -11,12 +11,12 @@ KERNEL_IMAGE=/vmlinux
INITRD=/initrd.img
# If empty, use current /proc/cmdline
APPEND="memtest=2"
APPEND=""
case "$RUNLEVEL" in
6)
APPEND="${APPEND} wipemem=reboot"
APPEND="${APPEND} sdmem=reboot sdmemopts=vllf"
;;
*)
APPEND="${APPEND} wipemem=halt"
APPEND="${APPEND} sdmem=halt sdmemopts=vllf"
;;
esac
......@@ -19,9 +19,9 @@ case "$1" in
echo "KERNEL_IMAGE=\"${KERNEL_IMAGE}\"" >> "$KEXEC_CONF"
echo "INITRD=\"${INITRD}\"" >> "$KEXEC_CONF"
if grep -qw debug=wipemem /proc/cmdline; then
echo 'APPEND="${APPEND} wipememdebug=1"' >> "$KEXEC_CONF"
echo 'APPEND="${APPEND} sdmemdebug=1"' >> "$KEXEC_CONF"
else
echo 'APPEND="${APPEND} quiet"' >> "$KEXEC_CONF"
echo 'APPEND="${APPEND} quiet"' >> "$KEXEC_CONF"
fi
;;
*)
......
#! /bin/sh
### BEGIN INIT INFO
# Provides: tails-wipe-memory-on-media-removal
# Provides: tails-sdmem-on-media-removal
# Required-Start: udev $local_fs tails-reconfigure-memlockd tails-reconfigure-kexec
# Required-Stop: $local_fs
# Required-Stop: $local_fs memlockd
# Default-Start: 2 3 4 5
# Default-Stop: 0 6
# Short-Description: Wipe memory on live media removal.
......@@ -13,7 +13,7 @@
PATH=/usr/local/sbin/:/sbin:/bin
DESC="memory wiping on live media removal"
NAME=tails-wipe-memory-on-media-removal
NAME=tails-sdmem-on-media-removal
WATCHDOG=/usr/local/sbin/udev-watchdog-wrapper
SCRIPTNAME=/etc/init.d/$NAME
PIDFILE=/var/run/udev-watchdog
......
......@@ -6,6 +6,17 @@ prereqs() {
echo "${PREREQ}"
}
tweak_sysctl() {
echo 3 > /proc/sys/kernel/printk
echo 3 > /proc/sys/vm/drop_caches
echo 256 > /proc/sys/vm/min_free_kbytes
echo 1 > /proc/sys/vm/overcommit_memory
echo 1 > /proc/sys/vm/oom_kill_allocating_task
echo 0 > /proc/sys/vm/oom_dump_tasks
}
case ${1} in
prereqs)
prereqs
......@@ -13,12 +24,22 @@ case ${1} in
;;
esac
if [ "${wipememdebug}" = 1 ] ; then
if [ -n "${sdmem}" ] ; then
tweak_sysctl
if [ -z "${sdmemopts}" ] ; then
sdmemopts="v"
fi
for i in $(seq 0 30) ; do /usr/bin/sdmem "-${sdmemopts}" & done
# Wait for at least one sdmem job to complete.
/usr/bin/sdmem "-${sdmemopts}"
fi
if [ "${sdmemdebug}" = 1 ] ; then
echo "Going to sleep 10 minutes. Happy dumping!"
sleep 600
fi
case "${wipemem}" in
case "${sdmem}" in
halt)
/sbin/halt -fndp
;;
......
live-boot live-boot/smem boolean true
live-boot live-boot/sdmem boolean true
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment