Introduction[edit]

The TimeSync page notes:

Using Boot Clock Randomization, i.e. after boot, the clock is set randomly between 0 and 180 seconds into the past or future. This is useful to enforce the design goal, that the host clock and VM clock should always slightly differ. It is also useful to obfuscate the clock when sdwdate itself is running, because naturally at this time, sdwdate hasn't finished. sdwdate runs after booting.

By randomly moving the system clock a few seconds (and nanseconds) in the past or future during boot, this enforces the design goal of a slightly different host clock and any VMs clock, even before secure timesync has succeeded. This prevents time-based fingerprinting and linkability issues, thereby improving security and privacy. ^[1]

For technical discussion on the Boot Clock Randomization design, see here. ^[2]

Log Inspection[edit]

Open file /var/log/bootclockrandomization.log in a text editor of your choice as a regular, non-root user.

If you are using a graphical environment, run.

mousepad /var/log/bootclockrandomization.log

If you are using a terminal, run.

nano /var/log/bootclockrandomization.log

Disable[edit]

Disabling of Boot Clock Randomization is discouraged because it is not usually required. However, it may be useful for offline (vault) VMs.

Run the following command. Note:

Qubes-Whonix: Use a StandaloneVM or a separate Template.
Non-Qubes-Whonix: No extra steps are required.

sudo systemctl mask bootclockrandomization

Boot Clock Randomization will no longer occur after reboot.

Footnotes[edit]

↑ https://github.com/Kicksecure/bootclockrandomization
↑ Notably, one recent change is the 0-5 second time window is no longer excluded in the process, as it was found to aid fingerprinting.

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure ™ A secure by default operating system with the latest security research in place.

Donate

FREE · PLUS · PREMIUM Support

At Kicksecure we believe in freedom and trust. That's why we fully support Open Source and Freedom Software. Learn more.

Kicksecure ™ is supported by Evolution Host DDoS Protected VPS.

Kicksecure ™ is a secure by default operating system with the latest security research in place.

The personal opinions of moderators or contributors to the Kicksecure ™ project do not represent the project as a whole. By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service , Privacy Policy , Cookie Policy , E-Sign Consent , DMCA , Imprint Kicksecure

ENCRYPTED SUPPORT LP, 2022

Kicksecure ™ is Hardened by Kicksecure ™

[1] ttps://github.com/Kicksecure/bootclockrandomization

[2] Notably, one recent change is the 0-5 second time window is no longer excluded in the process, as it was found to aid fingerprinting.

[1]

[2]

Boot Clock Randomization

Contents

Introduction[edit]

Log Inspection[edit]

Disable[edit]

See Also[edit]

Footnotes[edit]