Commit 34daa6f0 authored by Tails developers's avatar Tails developers
Browse files

Use Linux kernel's memtest=2 instead of the limited sdmem to wipe memory.

parent f443f0d7
......@@ -7,14 +7,14 @@ update-rc.d tails-detect-virtualization start 17 S .
update-rc.d tails-kexec stop 85 0 6 .
update-rc.d tails-wifi start 17 S .
update-rc.d memlockd start 22 2 3 4 5 .
update-rc.d tails-sdmem-on-media-removal start 23 2 3 4 5 . stop 01 0 6
update-rc.d tails-wipe-memory-on-media-removal start 23 2 3 4 5 . stop 01 0 6
update-rc.d tails-reconfigure-kexec defaults
update-rc.d tails-reconfigure-memlockd defaults
# we run Tor ourselves after HTP via NetworkManager hooks
update-rc.d tor disable
# we reboot/halt using kexec->sdmem
# we reboot/halt using kexec
update-rc.d -f halt remove
update-rc.d -f reboot remove
......
......@@ -11,12 +11,12 @@ KERNEL_IMAGE=/vmlinux
INITRD=/initrd.img
# If empty, use current /proc/cmdline
APPEND="quiet"
APPEND="quiet memtest=2"
case "$RUNLEVEL" in
6)
APPEND="${APPEND} sdmem=reboot sdmemopts=vllf"
APPEND="${APPEND} wipemem=reboot"
;;
*)
APPEND="${APPEND} sdmem=halt sdmemopts=vllf"
APPEND="${APPEND} wipemem=halt"
;;
esac
......@@ -16,7 +16,7 @@ case "$1" in
echo "KERNEL_IMAGE=\"$(/usr/local/bin/tails-get-bootinfo kernel)\"" >> "$KEXEC_CONF"
echo "INITRD=\"$(/usr/local/bin/tails-get-bootinfo initrd)\"" >> "$KEXEC_CONF"
if grep -qw debug=wipemem /proc/cmdline; then
echo 'APPEND="${APPEND} sdmemdebug=1"' >> "$KEXEC_CONF"
echo 'APPEND="${APPEND} wipememdebug=1"' >> "$KEXEC_CONF"
fi
;;
*)
......
#! /bin/sh
### BEGIN INIT INFO
# Provides: tails-sdmem-on-media-removal
# Provides: tails-wipe-memory-on-media-removal
# Required-Start: udev $local_fs memlockd
# Required-Stop: $local_fs memlockd
# Default-Start: 2
......@@ -13,7 +13,7 @@
PATH=/usr/local/sbin/:/sbin:/bin
DESC="memory wiping on live media removal"
NAME=tails-sdmem-on-media-removal
NAME=tails-wipe-memory-on-media-removal
WATCHDOG=/usr/local/sbin/udev-watchdog-wrapper
SCRIPTNAME=/etc/init.d/$NAME
PIDFILE=/var/run/udev-watchdog
......
......@@ -6,17 +6,6 @@ prereqs() {
echo "${PREREQ}"
}
tweak_sysctl() {
echo 3 > /proc/sys/kernel/printk
echo 3 > /proc/sys/vm/drop_caches
echo 256 > /proc/sys/vm/min_free_kbytes
echo 1 > /proc/sys/vm/overcommit_memory
echo 1 > /proc/sys/vm/oom_kill_allocating_task
echo 0 > /proc/sys/vm/oom_dump_tasks
}
case ${1} in
prereqs)
prereqs
......@@ -24,22 +13,12 @@ case ${1} in
;;
esac
if [ -n "${sdmem}" ] ; then
tweak_sysctl
if [ -z "${sdmemopts}" ] ; then
sdmemopts="v"
fi
for i in $(seq 0 30) ; do /usr/bin/sdmem "-${sdmemopts}" & done
# Wait for at least one sdmem job to complete.
/usr/bin/sdmem "-${sdmemopts}"
fi
if [ "${sdmemdebug}" = 1 ] ; then
if [ "${wipememdebug}" = 1 ] ; then
echo "Going to sleep 10 minutes. Happy dumping!"
sleep 600
fi
case "${sdmem}" in
case "${wipemem}" in
halt)
/sbin/halt -fndp
;;
......
live-boot live-boot/smem boolean true
live-boot live-boot/sdmem boolean true
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment