2 Feature: System memory erasure on shutdown
5 I want the system memory to be free from sensitive data.
7 # These tests rely on the Linux kernel's memory poisoning features.
8 # The feature is called "on shutdown" as this is the security guarantee
9 # we document, but in practice we test that some important bits of memory
10 # are erased _before_ shutdown, while for some others we really test
11 # behavior at shutdown time.
13 Scenario: Erasure of memory freed by killed userspace processes
14 Given I have started Tails from DVD without network and logged in
15 And I prepare Tails for memory erasure tests
16 When I start a process allocating 128 MiB of memory with a known pattern
17 Then patterns cover at least 128 MiB in the guest's memory
18 When I kill the allocating process
19 Then I find very few patterns in the guest's memory
21 Scenario: Erasure of tmpfs data on unmount
22 Given I have started Tails from DVD without network and logged in
23 And I prepare Tails for memory erasure tests
24 And I find very few patterns in the guest's memory
25 When I mount a 128 MiB tmpfs on "/mnt" and fill it with a known pattern
26 Then patterns cover at least 99% of the test FS size in the guest's memory
28 Then I find very few patterns in the guest's memory
30 Scenario: Erasure of read and write disk caches on unmount: vfat
31 Given I have started Tails from DVD without network and logged in
32 And I prepare Tails for memory erasure tests
33 When I plug and mount a 128 MiB USB drive with a vfat filesystem
34 Then I find very few patterns in the guest's memory
36 When I fill the USB drive with a known pattern
37 Then patterns cover at least 99% of the test FS size in the guest's memory
38 When I umount the USB drive
39 Then I find very few patterns in the guest's memory
41 When I mount the USB drive again
42 And I read the content of the test FS
43 Then patterns cover at least 99% of the test FS size in the guest's memory
44 When I umount the USB drive
45 Then I find very few patterns in the guest's memory
47 Scenario: Erasure of read and write disk caches on unmount: LUKS-encrypted ext4
48 Given I have started Tails from DVD without network and logged in
49 And I prepare Tails for memory erasure tests
50 When I plug and mount a 128 MiB USB drive with an ext4 filesystem encrypted with password "asdf"
51 Then I find very few patterns in the guest's memory
53 When I fill the USB drive with a known pattern
54 Then patterns cover at least 99% of the test FS size in the guest's memory
55 When I umount the USB drive
56 Then I find very few patterns in the guest's memory
58 When I mount the USB drive again
59 And I read the content of the test FS
60 Then patterns cover at least 99% of the test FS size in the guest's memory
61 When I umount the USB drive
62 Then I find very few patterns in the guest's memory
64 Scenario: Erasure of the overlayfs read-write branch on shutdown
65 Given I have started Tails from DVD without network and logged in
66 And I prepare Tails for memory erasure tests
67 When I fill a 128 MiB file with a known pattern on the root filesystem
68 # ensure the pattern is in memory due to tmpfs, not to disk cache
69 And I drop all kernel caches
70 Then patterns cover at least 128 MiB in the guest's memory
71 When I trigger shutdown
73 Then I find very few patterns in the guest's memory
75 Scenario: Erasure of read and write disk caches of persistent data on shutdown
76 Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
77 And I prepare Tails for memory erasure tests
78 When I fill a 128 MiB file with a known pattern on the persistent filesystem
79 When I trigger shutdown
81 Then I find very few patterns in the guest's memory