erase memory when the USB stick is removed
Originally created by Tails on #5687 (Redmine)
Rationale
If running from the USB drive and it is removed, it would be nice to wipe memory and reboot when the USB drive is removed: if you’re in a persecuted country and they are on to you, you can grab the USB and leave.
Current state
Implemented in 0.7.
- design documentation: done in memory erasure
- end-user documentation: done in cold boot attacks
Inspiration
A simple udev rule should do the job. It should be triggered by
ACTION=="remove"
, and be really careful to detect whether the system
is running from the just-removed USB stick.
The implementation difficulty arises from the fact that smem must be permanently kept in RAM after boot, along with what’s needed to make the command run by the udev rule work. Possible solution: run smem on boot, immediately SIGSTOP it, and SIGCONT it when the USB stick is unplugged.
Liberte Linux has some kind of watchdog that does something alike these lines (i.e. at least shutdown the box):
- they pre-cache needed programs in a directory in
/dev/shm
- they have a udev watchdog written in C, which is supposed to be more reliable than udev rules.