Feature #5342

Hugetlb mem wipe

Added by Tails 2013-07-18 07:39:21 . Updated 2017-04-05 17:59:44 .

Status:

Rejected

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

Due date:

% Done:

Feature Branch:

feature/hugetlb_mem_wipe

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Using a custom memory wiping program from initramfs is implemented in the feature/hugetlb_mem_wipe branch.

It makes the wipe much faster and better looking, but it’s not as efficient as Tails’ current parallel sdmem approach when using a PAE kernel (which usually results in 0 occurrences in my tests, if not it’s just a few hundred occurences), which arguably is what most users will use. For the non-PAE kernel I believe this branch is better, though.

Next thing to do: fine tune the algorithm parameters and/or memory settings to be as efficient on PAE than current implementation.

Test results

Both tests performed in the same 8 GiB-RAM VM:

With PAE-kernel: 137K occurences =~ 2.1 MiB of unwiped memory.
With non-PAE-kernel: 155K occurences =~ 2.4 MiB of unwiped memory.

Subtasks

Related issues

Related to Tails - ~~Feature #5762~~: Faster memory wipe	Rejected
Related to Tails - ~~Feature #5456~~: amd64 kernel	Resolved
Blocks Tails - ~~Feature #6006~~: More efficient memory wipe	Rejected
Blocks Tails - ~~Feature #5658~~: Move from sdmem to memtest	Rejected

History

#1 Updated by BitingBird 2014-06-09 10:24:33

Subject changed from hugetlb mem wipe to Hugetlb mem wipe
Description updated
Starter set to No

#2 Updated by BitingBird 2015-01-02 23:36:56

Feature Branch set to feature/hugetlb_mem_wipe

#3 Updated by intrigeri 2017-04-05 17:59:44

Status changed from Confirmed to Rejected

See ~~Bug #12354~~: we’re dropping our kexec-based implementation, that’s not robust enough, gives poor UX, and a reasonably good alternative is now available. Let’s come back to it once there’s something we can kexec, that fixes these problems.