Project

General

Profile

Feature #5342

Hugetlb mem wipe

Added by Tails about 6 years ago. Updated over 2 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Feature Branch:
feature/hugetlb_mem_wipe
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

Using a custom memory wiping program from initramfs is implemented in the feature/hugetlb_mem_wipe branch.

It makes the wipe much faster and better looking, but it's not as efficient as Tails' current parallel sdmem approach when using a PAE kernel (which usually results in 0 occurrences in my tests, if not it's just a few hundred occurences), which arguably is what most users will use. For the non-PAE kernel I believe this branch is better, though.

Next thing to do: fine tune the algorithm parameters and/or memory settings to be as efficient on PAE than current implementation.

Test results

Both tests performed in the same 8 GiB-RAM VM:

  • With PAE-kernel: 137K occurences =~ 2.1 MiB of unwiped memory.
  • With non-PAE-kernel: 155K occurences =~ 2.4 MiB of unwiped memory.

Related issues

Related to Tails - Feature #5762: Faster memory wipe Rejected
Related to Tails - Feature #5456: amd64 kernel Resolved
Blocks Tails - Feature #6006: More efficient memory wipe Rejected
Blocks Tails - Feature #5658: Move from sdmem to memtest Rejected

History

#1 Updated by BitingBird over 5 years ago

  • Subject changed from hugetlb mem wipe to Hugetlb mem wipe
  • Description updated (diff)
  • Starter set to No

#2 Updated by BitingBird over 4 years ago

  • Feature Branch set to feature/hugetlb_mem_wipe

#3 Updated by intrigeri over 2 years ago

  • Status changed from Confirmed to Rejected

See #12354: we're dropping our kexec-based implementation, that's not robust enough, gives poor UX, and a reasonably good alternative is now available. Let's come back to it once there's something we can kexec, that fixes these problems.

Also available in: Atom PDF