search

Lvl4Sword / Killer

🔪 System tamper detector for USB, Bluetooth, AC, Battery, Disk Tray, and Ethernet.
https://pypi.org/project/killer/
GNU Affero General Public License v3.0
71 stars 11 forks source link

Nuking cryptsetup keyslots #32

Open 1989gironimo opened 5 years ago

1989gironimo commented 5 years ago

Shamelessly stolen from @HulaHoopWhonix via github/usbkill: I don't know if custom commands are supported but nuking cryptsetup keyslots would be a good option.

Lvl4Sword commented 5 years ago

I like this idea and will add it to my todo list.

Lvl4Sword commented 5 years ago

According to https://wiki.archlinux.org/index.php/Dm-crypt/Device_Encryption : luksErase is used to quickly remove all active keys. So, that would probably be a good idea to use. Though, testing this will require a VM as to ensure I don't nuke any system I'm testing on.

Looking at https://superuser.com/a/1168933 , there will be a prompt that requires a YES input. echo -n "YES" | cryptsetup luksErase /dev/sdaX - should work for this, but I'll have to test.

Lvl4Sword commented 5 years ago

I labeled this "Custom Commands", as this'll be something that will be a lot easier to setup when custom commands are done. Any custom commands won't be officially supported, so any issues with them won't be addressed.