Cold Boot Attack Defense Fixes

Kicksecure / security-misc

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc

https://www.kicksecure.com/wiki/Impressum

Other

518 stars 51 forks source link

Cold Boot Attack Defense Fixes #119

Closed friedy10 closed 1 year ago

raja-grewal commented 1 year ago

The way I understand it, this one recommended approach to implement cold boot attack defense.

However, is it possible that using kexec may cause some issues since its use is explicitly disabled via sysctl kernel.kexec_load_disabled=1?

Note as mentioned in the README.md “[k]exec is disabled as it can be used to load a malicious kernel and gain arbitrary code execution in kernel mode”.

raja-grewal commented 1 year ago

Follow up discussion: https://forums.whonix.org/t/kernel-hardening/7296/505

adrelanos commented 1 year ago

Fixed: https://forums.whonix.org/t/kernel-hardening/7296/508