erase memory when the USB stick is removed

Originally created by Tails on #5687 (Redmine)

Rationale

If running from the USB drive and it is removed, it would be nice to wipe memory and reboot when the USB drive is removed: if you’re in a persecuted country and they are on to you, you can grab the USB and leave.

Current state

Implemented in 0.7.

design documentation: done in memory erasure
end-user documentation: done in cold boot attacks

Inspiration

A simple udev rule should do the job. It should be triggered by ACTION=="remove", and be really careful to detect whether the system is running from the just-removed USB stick.

The implementation difficulty arises from the fact that smem must be permanently kept in RAM after boot, along with what’s needed to make the command run by the udev rule work. Possible solution: run smem on boot, immediately SIGSTOP it, and SIGCONT it when the USB stick is unplugged.

Liberte Linux has some kind of watchdog that does something alike these lines (i.e. at least shutdown the box):

they pre-cache needed programs in a directory in /dev/shm
they have a udev watchdog written in C, which is supposed to be more reliable than udev rules.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information