[pkg-cryptsetup-devel] Bug#978642: Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks from Initial Ramdisk (initramfs-tools or dracut)

Guilhem Moulin guilhem at debian.org
Tue Dec 29 16:21:04 GMT 2020


Control: severity -1 wishlist
Control: reassign -1 cryptsetup-initramfs
Control: block -1 by 778849

Hi,

AFAICT dracut has dracut-shutdown(8) which you can extend at will, or
convince the maintainer to ship the required logic for everyone.
However, Debian's default initramfs, namely initramfs-tools(7), currently
has no interface to hook into at shutdown, and init doesn't even hand
execution over to the initramfs during the shutdown phase (#778849).
When such an interface is available we can ship shutdown scripts into
cryptsetup-initramfs.

cheers
-- 
Guilhem.