Feature #5658
Move from sdmem to memtest
Description
Rationale
Replacing sdmem with the Linux kernel’s memtest=2 feature will fix "sdmem does not clear all memory" and will generally be simpler and more robust.
Update: according to Liberte Linux’ Maxim Kammerer, the memtest= approach is flawed; it only tests LOWMEM, "so it seems that at most ~895 MiB can be tested in 32-bit x86 kernels". Therefore, it’s currently not fit for any kind of anti-forensics memory wiping. Being discussed on tails-dev / reported upstream, end of 2011: from sdmem to memtest, and testing procedures, PROBLEM: memtest tests only LOWMEM. Max Kammerer opened Linux bug 42630. Let’s wait for the outcome of the discussion with upstream.
There has been basically no progress 3 months later. We probably have to find an interested kernel hacker to patch the "memtest" code for our use case.
Plans
Implemented in the bugfix/from_sdmem_to_memtest branch.
Let’s wait for feature/hugetlb_mem_wipe to be merged. If we’re happy with it, we can avoid moving to memtest.
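An added example, not part of the ticket or of Tails' code: a check for how much RAM sits in HIGHMEM, which is the part the description above says memtest= does not test. It assumes the LowTotal/HighTotal fields that HIGHMEM kernels expose in /proc/meminfo; the sample inputs are constructed.

```python
"""Estimate the share of RAM that lies in LOWMEM, from /proc/meminfo text."""
import os
import re

# Constructed sample: 32-bit x86 HIGHMEM kernel on a machine with ~4 GiB RAM.
SAMPLE_HIGHMEM = """\
MemTotal:        4040412 kB
MemFree:         3500000 kB
HighTotal:       3163016 kB
HighFree:        2900000 kB
LowTotal:         877396 kB
LowFree:          600000 kB
"""

# Constructed sample: kernel without a HIGHMEM split (no Low*/High* fields).
SAMPLE_NO_HIGHMEM = """\
MemTotal:        8000000 kB
MemFree:         7000000 kB
"""


def parse_meminfo(text):
    """Return {field: KiB} for every 'Name:  N kB' line; other lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s+(\d+)\s*kB$", line.strip())
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields


def memtest_coverage(text):
    """Upper bound on what a LOWMEM-only pass can reach, and what it leaves out."""
    f = parse_meminfo(text)
    total = f["MemTotal"]
    # Without a HIGHMEM split the fields are absent and all RAM counts as low.
    low = f.get("LowTotal", total)
    high = f.get("HighTotal", 0)
    return {"low_kib": low, "untested_kib": high, "covered": low / total}


if __name__ == "__main__":
    text = SAMPLE_HIGHMEM
    if os.path.exists("/proc/meminfo"):
        with open("/proc/meminfo") as fh:
            text = fh.read()
    r = memtest_coverage(text)
    print(f"LOWMEM {r['low_kib']} KiB, untested HIGHMEM {r['untested_kib']} KiB, "
          f"coverage at most {r['covered']:.1%}")
```

A non-zero untested_kib means a LOWMEM-only pass cannot serve as a full memory wipe on that machine.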
Related issues
Related to Tails - | Rejected
Blocked by Tails - | Rejected
History
#1 Updated by intrigeri 2013-07-19 07:00:59
- Type of work changed from Wait to Code
#2 Updated by BitingBird 2014-06-09 10:25:16
- Subject changed from move from sdmem to memtest to Move from sdmem to memtest
- Starter set to No
#3 Updated by intrigeri 2017-04-05 18:00:15
- Status changed from Confirmed to Rejected
See Bug #12354: we’re dropping our kexec-based implementation, that’s not robust enough, gives poor UX, and a reasonably good alternative is now available. Let’s come back to it once there’s something we can kexec, that fixes these problems.