summaryrefslogtreecommitdiffstats
path: root/features/erase_memory.feature
blob: 5596344edb23c24544d59417498d776717c229db (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
@product
Feature: System memory erasure on shutdown
  As a Tails user
  when I shutdown Tails
  I want the system memory to be free from sensitive data.

# These tests rely on the Linux kernel's memory poisoning features.
# The feature is called "on shutdown" as this is the security guarantee
# we document, but in practice we test that some important bits of memory
# are erased _before_ shutdown, while for some others we really test
# behavior at shutdown time.

  Scenario: Erasure of memory freed by killed userspace processes
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I fill the guest's memory with a known pattern and the allocating processes get killed
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of tmpfs data on unmount
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    And I find very few patterns in the guest's memory
    When I mount a 128 MiB tmpfs on "/mnt" and fill it with a known pattern
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount "/mnt"
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of read and write disk caches on unmount: vfat
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I plug and mount a 128 MiB USB drive with a vfat filesystem
    Then I find very few patterns in the guest's memory
    # write cache
    When I fill the USB drive with a known pattern
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory
    # read cache
    When I mount the USB drive again
    And I read the content of the test FS
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of read and write disk caches on unmount: LUKS-encrypted ext4
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I plug and mount a 128 MiB USB drive with an ext4 filesystem encrypted with password "asdf"
    Then I find very few patterns in the guest's memory
    # write cache
    When I fill the USB drive with a known pattern
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory
    # read cache
    When I mount the USB drive again
    And I read the content of the test FS
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of the aufs read-write branch on shutdown
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I fill a 128 MiB file with a known pattern on the root filesystem
    # ensure the pattern is in memory due to tmpfs, not to disk cache
    And I drop all kernel caches
    Then patterns cover at least 128 MiB in the guest's memory
    When I trigger shutdown
    And I wait 20 seconds
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of read and write disk caches of persistent data on shutdown
    Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
    And I prepare Tails for memory erasure tests
    When I fill a 128 MiB file with a known pattern on the persistent filesystem
    When I trigger shutdown
    And I wait 20 seconds
    Then I find very few patterns in the guest's memory