Commit 7f101d16 authored by intrigeri

Merge branch 'bugfix/16097-memory-erasure-on-shutdown' into devel (Fix-committed: #16097)

parents b85f32ea 4c051c65
...@@ -18,6 +18,7 @@ systemctl enable tails-shutdown-on-media-removal.service ...@@ -18,6 +18,7 @@ systemctl enable tails-shutdown-on-media-removal.service
systemctl enable tails-tor-has-bootstrapped.target systemctl enable tails-tor-has-bootstrapped.target
systemctl enable tails-wait-until-tor-has-bootstrapped.service systemctl enable tails-wait-until-tor-has-bootstrapped.service
systemctl enable tails-tor-has-bootstrapped-flag-file.service systemctl enable tails-tor-has-bootstrapped-flag-file.service
systemctl enable run-initramfs.mount
systemctl enable var-tmp.mount systemctl enable var-tmp.mount
# Enable our own systemd user unit files # Enable our own systemd user unit files
......
...@@ -8,9 +8,6 @@ set -x ...@@ -8,9 +8,6 @@ set -x
# initramfs during shutdown: in the initramfs, this script is # initramfs during shutdown: in the initramfs, this script is
# overwritten with /usr/local/lib/initramfs-pre-shutdown-hook. # overwritten with /usr/local/lib/initramfs-pre-shutdown-hook.
# Otherwise systemd-shutdown cannot execute /run/initramfs/shutdown
/bin/mount -o remount,exec /run
# Debugging # Debugging
/bin/ls -l /run/initramfs /bin/ls -l /run/initramfs
......
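Review bot: With the `/bin/mount -o remount,exec /run` line removed, nothing left in this script checks that `/run/initramfs` is executable, and the deleted comment states that systemd-shutdown cannot execute `/run/initramfs/shutdown` otherwise. The `# Debugging` block only lists the directory; consider also logging the mount options in effect for `/run/initramfs` there (for example from `/proc/mounts`), so that a `run-initramfs.mount` that did not start shows up in the shutdown log instead of as memory erasure silently not running.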
# This allows systemd-shutdown to execute /run/initramfs/shutdown.
# XXX:Bullseye: if https://github.com/systemd/systemd/pull/9429 is merged,
# we can remove this custom code.
[Unit]
Description=Extracted initrd directory
ConditionPathIsSymbolicLink=!/run/initramfs
DefaultDependencies=no
Before=initramfs-shutdown.service local-fs.target
[Mount]
What=tmpfs
Where=/run/initramfs
Type=tmpfs
Options=mode=755
[Install]
WantedBy=local-fs.target
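Review bot: `Options=mode=755` leaves this tmpfs with default mount flags, which is what makes it executable while `/run` stays `noexec`, but it also leaves it without `nosuid`, `nodev` or a `size=` limit. If the unpacked shutdown initramfs needs neither setuid binaries nor device nodes on this filesystem, consider tightening the options accordingly. Separately, a one-line comment on why `ConditionPathIsSymbolicLink=!/run/initramfs` is needed would help whoever revisits this unit at the `XXX:Bullseye` marker.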
...@@ -44,13 +44,6 @@ boot_device() { ...@@ -44,13 +44,6 @@ boot_device() {
# First clean the screen, then brutally shutdown the machine. # First clean the screen, then brutally shutdown the machine.
do_stop() { do_stop() {
# Really make sure that the CD is ejected
# FIXME: this might not be necessary with future kernel/udev
if [ "${DEV_TYPE}" = "cd" ]; then
/usr/bin/eject -i off "${BOOT_DEVICE}" || true
/usr/bin/eject -m "${BOOT_DEVICE}" || true
fi
# Kill everything run by amnesia or Debian-gdm, otherwise emergency # Kill everything run by amnesia or Debian-gdm, otherwise emergency
# shutdown fails for some reason. Incidentally, this also allows # shutdown fails for some reason. Incidentally, this also allows
# the test suite to look for a known message ("Happy dumping!") # the test suite to look for a known message ("Happy dumping!")
......
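Review bot: The removal of the CD eject block at the top of `do_stop()` is not explained by anything visible in this merge. The branch is about memory erasure on shutdown, and the deleted code carried a FIXME saying it "might not be necessary with future kernel/udev", not that it already is unnecessary. Please state in the commit message or the design doc why ejecting is dropped, and check whether `DEV_TYPE` is still used elsewhere in the script once this `if` is gone.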
@product @product
Feature: Emergency shutdown Feature: Emergency shutdown
As a Tails user
when I unplug my Tails device to trigger emergency shutdown
I want the system memory to be free from sensitive data.
# Test something close to real-world usage, without interfering, # Test something close to real-world usage, without interfering,
# i.e. without the "I prepare Tails for memory erasure tests" step; # i.e. without the "I prepare Tails for memory erasure tests" step;
......
...@@ -29,6 +29,16 @@ in the initramfs. That one will unmount all filesystems, run ...@@ -29,6 +29,16 @@ in the initramfs. That one will unmount all filesystems, run
that helps us automatically test this behavior, and finally perform that helps us automatically test this behavior, and finally perform
the requested poweroff/reboot action. the requested poweroff/reboot action.
To make this work, a dedicated `tmpfs` filesystem is [[!tails_gitweb
config/chroot_local-includes/lib/systemd/system/run-initramfs.mount
desc="mounted"]] on `/run/initramfs`: `/run` is mounted with the
`noexec` option and while our attempts to remount it with `exec`
worked for clean shutdown, they failed for emergency shutdown, i.e.
when the boot medium is physically removed.
For details about the underlying systemd mechanisms, see `bootup(7)`
and `systemd-shutdown(8)`.
#### Triggers #### Triggers
Different kinds of events trigger the memory erasure process. All lead Different kinds of events trigger the memory erasure process. All lead
......
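Review bot: The new paragraph says the attempts to remount `/run` with `exec` "failed for emergency shutdown" but gives no pointer to where that failure is analysed; a reference to #16097 would let readers find it. It would also help to repeat here what the unit file's header says, namely that this is custom code that can be removed if https://github.com/systemd/systemd/pull/9429 is merged, so that the design doc and `run-initramfs.mount` do not drift apart.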