Feature: System memory erasure on shutdown
  I want the system memory to be free from sensitive data.

# These tests rely on the Linux kernel's memory poisoning features.
# The feature is called "on shutdown" as this is the security guarantee
# we document, but in practice we test that some important bits of memory
# are erased _before_ shutdown, while for some others we really test
# behavior at shutdown time.

  Scenario: Erasure of memory freed by killed userspace processes
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I fill the guest's memory with a known pattern and the allocating processes get killed
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of tmpfs data on unmount
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    And I find very few patterns in the guest's memory
    When I mount a 128 MiB tmpfs on "/mnt" and fill it with a known pattern
    Then patterns cover at least 99% of the test FS size in the guest's memory
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of read and write disk caches on unmount: vfat
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I plug and mount a 128 MiB USB drive with a vfat filesystem
    Then I find very few patterns in the guest's memory
    When I fill the USB drive with a known pattern
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory
    When I mount the USB drive again
    And I read the content of the test FS
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of read and write disk caches on unmount: LUKS-encrypted ext4
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I plug and mount a 128 MiB USB drive with an ext4 filesystem encrypted with password "asdf"
    Then I find very few patterns in the guest's memory
    When I fill the USB drive with a known pattern
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory
    When I mount the USB drive again
    And I read the content of the test FS
    Then patterns cover at least 99% of the test FS size in the guest's memory
    When I umount the USB drive
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of the aufs read-write branch on shutdown
    Given I have started Tails from DVD without network and logged in
    And I prepare Tails for memory erasure tests
    When I fill a 128 MiB file with a known pattern on the root filesystem
    # ensure the pattern is in memory due to tmpfs, not to disk cache
    And I drop all kernel caches
    Then patterns cover at least 128 MiB in the guest's memory
    When I trigger shutdown
    Then I find very few patterns in the guest's memory

  Scenario: Erasure of read and write disk caches of persistent data on shutdown
    Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
    And I prepare Tails for memory erasure tests
    When I fill a 128 MiB file with a known pattern on the persistent filesystem
    When I trigger shutdown
    Then I find very few patterns in the guest's memory