Re: [Tails-dev] What is *not* erased (after shutdown) with PAX_MEMORY_SANITIZE enabled?

2017-01-04 Thread Harlan Lieberman-Berg
Harlan Lieberman-Berg writes:
> It also requires us to reenable kexec functionality, which exposes a
> risk of code injection unless we get signed kexec support.

I just checked the kernel, and it seems that signed kexec functionality was mainlined in 3.17. So, strike that

Re: [Tails-dev] What is *not* erased (after shutdown) with PAX_MEMORY_SANITIZE enabled?

2017-01-04 Thread Harlan Lieberman-Berg
Hello everyone!

Thanks for weighing in, PaX Team. (And thank you for the awesome you and spender do on kernel security!)

To summarize, it seems that we have a couple different options to choose from:

* Switch to a dedicated microkernel that does a memory wipe, and kexec into it. This could

Re: [Tails-dev] Hey from Dash

2017-01-04 Thread intrigeri
hi,

Dash Press:
> my ‘source’ mentions that you are working on Dash with Tails implementation

I'm sorry, I don't understand what you mean here :/ Care to rephrase or clarify?

> can you please provide me any details / updates about that ?

Certainly, once I've understood the question :)