Feature #5658

Move from sdmem to memtest

Added by Tails 2013-07-18 07:44:09 . Updated 2017-04-05 18:00:15 .

Status:
Rejected
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
0
Affected tool:
Deliverable for:

Description

Rationale

Replace sdmem with the Linux kernel’s memtest=2 feature will fix sdmem does not clear all memory and will generally be simpler and more robust.

Update: according to Liberte Linux’ Maxim Kammerer, the memtest= approach is flawed; it only tests LOWMEM, "so it seems that at most ~895 MiB can be tested in 32-bit x86 kernels". Therefore, it’s currently not fit for any kind of anti-forensics memory wiping. Being discussed on tails-dev / reported upstream, end of 2011: from sdmem to memtest, and testing procedures, PROBLEM: memtest tests only LOWMEM. Max Kammerer opened Linux bug 42630.

Let’s wait for the outcome of the discussion with upstream.

There has been basically no progress 3 months later. We probably have to find an interested kernel hacker to patch the "memtest" code for our usecase.

Plans

Implemented in bugfix/from_sdmem_to_memtest branch.

Let’s wait for feature/hugetlb_mem_wipe to be merged. If we’re happy with it, we can avoid moving to memtest.


Subtasks


Related issues

Related to Tails - Feature #5762: Faster memory wipe Rejected
Blocked by Tails - Feature #5342: Hugetlb mem wipe Rejected

History

#1 Updated by intrigeri 2013-07-19 07:00:59

  • Type of work changed from Wait to Code

#2 Updated by BitingBird 2014-06-09 10:25:16

  • Subject changed from move from sdmem to memtest to Move from sdmem to memtest
  • Starter set to No

#3 Updated by intrigeri 2017-04-05 18:00:15

  • Status changed from Confirmed to Rejected

See Bug #12354: we’re dropping our kexec-based implementation, that’s not robust enough, gives poor UX, and a reasonably good alternative is now available. Let’s come back to it once there’s something we can kexec, that fixes these problems.