Commit 7f101d16 authored by intrigeri

Merge branch 'bugfix/16097-memory-erasure-on-shutdown' into devel (Fix-committed: #16097)

parents b85f32ea 4c051c65
......@@ -18,6 +18,7 @@ systemctl enable tails-shutdown-on-media-removal.service
systemctl enable tails-tor-has-bootstrapped.target
systemctl enable tails-wait-until-tor-has-bootstrapped.service
systemctl enable tails-tor-has-bootstrapped-flag-file.service
systemctl enable run-initramfs.mount
systemctl enable var-tmp.mount
# Enable our own systemd user unit files
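Review bot: the `systemctl enable run-initramfs.mount` line sits among the other unit enables with no comment saying what depends on it. The rest of this change makes shutdown rely on `/run/initramfs` being its own mount, so a one-line comment above it (for example, that `systemd-shutdown` needs it to execute `/run/initramfs/shutdown`) would keep someone from dropping the line as redundant later.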
......
......@@ -8,9 +8,6 @@ set -x
# initramfs during shutdown: in the initramfs, this script is
# overwritten with /usr/local/lib/initramfs-pre-shutdown-hook.
# Otherwise systemd-shutdown cannot execute /run/initramfs/shutdown
/bin/mount -o remount,exec /run
# Debugging
/bin/ls -l /run/initramfs
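Review bot: with the `/bin/mount -o remount,exec /run` step dropped from this script, nothing here checks that `/run/initramfs` is actually a separate mount; the only trace is the `/bin/ls -l /run/initramfs` debugging line. Consider failing loudly when it is not, e.g. `mountpoint -q /run/initramfs || exit 1`, because if `run-initramfs.mount` did not start, `/run/initramfs/shutdown` lives on the `noexec` `/run` and, as the comment above says, systemd-shutdown cannot execute it.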
......
# This allows systemd-shutdown to execute /run/initramfs/shutdown.
# XXX:Bullseye: if https://github.com/systemd/systemd/pull/9429 is merged,
# we can remove this custom code.
[Unit]
Description=Extracted initrd directory
ConditionPathIsSymbolicLink=!/run/initramfs
DefaultDependencies=no
Before=initramfs-shutdown.service local-fs.target
[Mount]
What=tmpfs
Where=/run/initramfs
Type=tmpfs
Options=mode=755
[Install]
WantedBy=local-fs.target
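Review bot: `Options=mode=755` yields an executable mount only because tmpfs is not `noexec` by default, yet being executable is the reason this unit exists according to its header comment. Spelling it out as `Options=mode=755,exec` documents the intent and does not depend on defaults. `ConditionPathIsSymbolicLink=!/run/initramfs` would also benefit from a short comment on which case it guards against.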
......@@ -44,13 +44,6 @@ boot_device() {
# First clean the screen, then brutally shutdown the machine.
do_stop() {
# Really make sure that the CD is ejected
# FIXME: this might not be necessary with future kernel/udev
if [ "${DEV_TYPE}" = "cd" ]; then
/usr/bin/eject -i off "${BOOT_DEVICE}" || true
/usr/bin/eject -m "${BOOT_DEVICE}" || true
fi
# Kill everything run by amnesia or Debian-gdm, otherwise emergency
# shutdown fails for some reason. Incidentally, this also allows
# the test suite to look for a known message ("Happy dumping!")
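Review bot: the CD eject block at the top of `do_stop()` goes away with no explanation in the merge message or in a comment, and its own `FIXME` only said it "might not be necessary with future kernel/udev". Please state whether ejecting is now handled elsewhere or deliberately dropped, and if this block was the last user of `DEV_TYPE`, remove the code that sets it as well.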
......
@product
Feature: Emergency shutdown
As a Tails user
when I unplug my Tails device to trigger emergency shutdown
I want the system memory to be free from sensitive data.
# Test something close to real-world usage, without interfering,
# i.e. without the "I prepare Tails for memory erasure tests" step;
......
......@@ -29,6 +29,16 @@ in the initramfs. That one will unmount all filesystems, run
that helps us automatically test this behavior, and finally perform
the requested poweroff/reboot action.
To make this work, a dedicated `tmpfs` filesystem is [[!tails_gitweb
config/chroot_local-includes/lib/systemd/system/run-initramfs.mount
desc="mounted"]] on `/run/initramfs`: `/run` is mounted with the
`noexec` option and while our attempts to remount it with `exec`
worked for clean shutdown, they failed for emergency shutdown, i.e.
when the boot medium is physically removed.
For details about the underlying systemd mechanisms, see `bootup(7)`
and `systemd-shutdown(8)`.
#### Triggers
Different kinds of events trigger the memory erasure process. All lead
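Review bot: the new paragraph says that remounting `/run` with `exec` "failed for emergency shutdown" but gives no reason and no reference, so a later reader cannot tell whether the dedicated `tmpfs` is still needed. Link the ticket (#16097) here and mention the condition under which this can be removed, which the unit file already records in its `XXX:Bullseye` comment about systemd pull request 9429.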
......