Kicksecure ™

Download

On Computer USB Installation Debian morph to Kicksecure Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print VersionDebug Helper Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Archived! Superseded by Dev/RAM Wipe!

Old RAM Wipe Development Notes[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Old_RAM_Wipe_Development_Notes Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev/RAM_Wipe_Old_Notes#Old_RAM_Wipe_Development_Notes|Old RAM Wipe Development Notes]]
Copy as Wikitext Click = Copy Copied to clipboard! [Old RAM Wipe Development Notes](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Old_RAM_Wipe_Development_Notes)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Old RAM Wipe Development Notes](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Old_RAM_Wipe_Development_Notes)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Old_RAM_Wipe_Development_Notes]Old RAM Wipe Development Notes[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

cryptsetup-suspend[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#cryptsetup-suspend Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev/RAM_Wipe_Old_Notes#cryptsetup-suspend|cryptsetup-suspend]]
Copy as Wikitext Click = Copy Copied to clipboard! [cryptsetup-suspend](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#cryptsetup-suspend)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [cryptsetup-suspend](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#cryptsetup-suspend)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#cryptsetup-suspend]cryptsetup-suspend[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

• https://manpages.debian.org/cryptsetup-suspend
• https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=cryptsetup-suspend
• Its in Debian bookworm
• https://salsa.debian.org/mejo/cryptsetup-suspend/-/blob/suspend/debian/control

(Bold added.)

Package: cryptsetup-suspend [...] Description: disk encryption support - suspend mode integration Cryptsetup provides an interface for configuring encryption on block devices (such as /home or swap partitions), using the Linux kernel device mapper target dm-crypt. It features integrated Linux Unified Key Setup (LUKS) support. . This package provides suspend mode integration for cryptsetup. It takes care of removing LUKS master key from memory before system suspend. . Please note that the supsend mode integration is limited to LUKS devices and requires systemd.

• https://archive.fosdem.org/2020/schedule/event/dip_close_lid_encrypt/attachments/slides/3946/export/events/attachments/dip_close_lid_encrypt/slides/3946/cryptsetup_fosdem.pdf
• https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/experimental/debian/scripts/suspend/cryptsetup-suspend.c
• https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/experimental/debian/scripts/suspend/cryptsetup-suspend-wrapper
• https://packages.debian.org/experimental/amd64/cryptsetup-suspend/filelist

Potential cryptsetup-suspend Security Issue[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Potential_cryptsetup-suspend_Security_Issue Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev/RAM_Wipe_Old_Notes#Potential_cryptsetup-suspend_Security_Issue|Potential cryptsetup-suspend Security Issue]]
Copy as Wikitext Click = Copy Copied to clipboard! [Potential cryptsetup-suspend Security Issue](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Potential_cryptsetup-suspend_Security_Issue)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Potential cryptsetup-suspend Security Issue](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Potential_cryptsetup-suspend_Security_Issue)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Potential_cryptsetup-suspend_Security_Issue]Potential cryptsetup-suspend Security Issue[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Might not suspend and wipe cryptsetup key.

Not enough memory available. Please close some programs or add swap space to suspend successfully.

/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper

        if [ $((MemAvailable+SwapFree)) -lt $((300*1024*1024)) ]; then
            log_error "Not enough memory available. Please close some programs or add swap space to suspend successfully."
            exit 1
        fi

cryptsetup[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#cryptsetup Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev/RAM_Wipe_Old_Notes#cryptsetup|cryptsetup]]
Copy as Wikitext Click = Copy Copied to clipboard! [cryptsetup](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#cryptsetup)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [cryptsetup](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#cryptsetup)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#cryptsetup]cryptsetup[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Quote cryptsetup luksSuspend, cryptsetup close (previously cryptsetup lukseClose) man page. (Bold added.)

luksSuspend suspends active device (all IO operations are frozen) and wipes encryption key from kernel.

close Removes the existing mapping <name> and wipes the key from kernel memory.

Does systemd run cryptsetup luksSuspend, cryptsetup close or cryptsetup lukseClose on the root device and thereby wipe the cryptsetup encryption key from kernel memory?

Quote https://www.freedesktop.org/software/systemd/man/systemd-halt.service.html

When these services are run, they ensure that PID 1 is replaced by the /usr/lib/systemd/systemd-shutdown tool which is then responsible for the actual shutdown. Before shutting down, this binary will try to unmount all remaining file systems, disable all remaining swap devices, detach all remaining storage devices and kill all remaining processes.

• https://manpages.debian.org/systemd-shutdown
• https://github.com/systemd/systemd/blob/master/src/shutdown/shutdown.c
  • mentions need_dm_detach, dm_detach_all
    • https://github.com/systemd/systemd/blob/master/src/shutdown/umount.c#L815 implements dm_detach_all
      • https://lists.freedesktop.org/archives/systemd-devel/2012-June/005443.html might imply that dm_detach_all refers to dm-crypt

/lib/cryptsetup/cryptdisks-functions

# Removes all mappings in crypttab, except the ones holding the root
# file system or /usr
do_stop() {

systemd[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#systemd Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev/RAM_Wipe_Old_Notes#systemd|systemd]]
Copy as Wikitext Click = Copy Copied to clipboard! [systemd](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#systemd)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [systemd](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#systemd)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#systemd]systemd[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

• systemd feature request: cryptsetup luksSuspend (wipes encryption key from kernel) on suspend
• systemd feature request: Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks
• https://www.freedesktop.org/software/systemd/man/systemd-cryptsetup@.service.html
• https://www.freedesktop.org/software/systemd/man/crypttab.html
• https://systemd.io/INITRD_INTERFACE/
• https://systemd.io/ROOT_STORAGE_DAEMONS/

initramfs[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#initramfs Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev/RAM_Wipe_Old_Notes#initramfs|initramfs]]
Copy as Wikitext Click = Copy Copied to clipboard! [initramfs](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#initramfs)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [initramfs](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#initramfs)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#initramfs]initramfs[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778849

Inspiration[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Inspiration Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev/RAM_Wipe_Old_Notes#Inspiration|Inspiration]]
Copy as Wikitext Click = Copy Copied to clipboard! [Inspiration](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Inspiration)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Inspiration](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Inspiration)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Inspiration]Inspiration[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

• https://github.com/vianney/arch-luks-suspend
• https://github.com/nailfarmer/debian-luks-suspend/
• https://waaaaargh.github.io/gnu&linux/2013/08/06/lukssuspend-with-encrypted-root-on-archlinux/

Forum Discussion[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Forum_Discussion Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev/RAM_Wipe_Old_Notes#Forum_Discussion|Forum Discussion]]
Copy as Wikitext Click = Copy Copied to clipboard! [Forum Discussion](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Forum_Discussion)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Forum Discussion](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Forum_Discussion)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes#Forum_Discussion]Forum Discussion[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596

Kicksecure A secure by default operating system with the latest security research in place. Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev/RAM_Wipe_Old_Notes|Cold Boot Attack Defense - Archived RAM Wipe Development Notes]]
Copy as Wikitext Click = Copy Copied to clipboard! [Cold Boot Attack Defense - Archived RAM Wipe Development Notes](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Cold Boot Attack Defense - Archived RAM Wipe Development Notes](https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev/RAM_Wipe_Old_Notes]Cold Boot Attack Defense - Archived RAM Wipe Development Notes[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!