Package: dracut-core
Severity: normal
X-Debbugs-CC: whonix-de...@whonix.org

Dear maintainer,

systemd does not wipe the LUKS disk encryption key for the root disk from RAM during shutdown.

Quote myself [0]:

> Avoiding all sidelines, keeping this simple, for my understanding and for the record and please correct me if I am wrong... Summary:
>
> "cryptsetup close" of root device during shutdown is already implemented.

Quote systemd developer Lennart Poettering [0]:

> iff your initrd/distro of choice do so. For the root disk it doesn’t matter what systemd does, it matters what the initrd/distro do. hence ping the maintainers of those.

The purpose of this is to defeat a cold boot attack. [1] [2] [3] [4]

I reported this bug against Debian cryptsetup. [5]

Cheers,
Patrick

[0] https://github.com/systemd/systemd/issues/17887
[1] https://www.youtube.com/watch?v=JDaicPIgn9U
[2] https://en.wikipedia.org/wiki/Cold_boot_attack
[3] https://blog.f-secure.com/cold-boot-attacks/
[4] https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf
[5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978642