emerg-shutdown - Instantly Power Off the System

From Kicksecure

emerg-shutdown immediately and forcibly powers off the system if the boot drive is removed or a "panic" key combo is pressed. When used in combination with full disk encryption, it is a powerful tool to prevent data theft by physically present attackers.

Overview


Some of Kicksecure's security features require the system to be powered off to be effective. For instance, Full Disk Encryption only works if an attacker cannot gain access to the encryption key used to lock the disk. This key is stored in RAM while the system is powered on and running normally. If an attacker can gain physical access to the machine while the key is in RAM, they can likely extract the data on the disk or even the key itself. Disk encryption is therefore not reliable unless the system is powered off when an attacker gains access to it.

If a user has to defend against an adversary that may become physically present without warning and take control of the system, they must power the system down as quickly as possible after the adversary arrives. However, traditional shutdown mechanisms are insufficient for a number of reasons:

  • They are oftentimes cumbersome to access (Start Menu → Power button → Shut Down → Yes), greatly reducing the chances that a user (especially a panicking user) will be able to use them in a timely fashion.
  • Even if a user can initiate a normal shutdown quickly enough, systemd may take an excessive amount of time to finish powering off the machine, allowing the adversary to initiate a cold boot attack or similar before the machine fully powers off.
  • Desktop machines can be physically unplugged to quickly power them off, but laptops generally will remain powered on even when AC power is lost, and removing the battery from most modern laptops is not a task that can be performed quickly.

emerg-shutdown solves these problems by allowing a user to instantly power off the system by removing the boot drive or by pressing a "panic" key combo.

emerg-shutdown is installed and enabled by default on Kicksecure 18 and higher. It is part of the security-misc package.

Usage


When emerg-shutdown is enabled, the system may be immediately shut down by doing one of the following actions:

  • Press the emergency key combo (by default Ctrl + Alt + End).[1] This shortcut is recognized by emerg-shutdown as a "panic button" and will cause the system to be forcibly shut down.
  • Unplug the drive or eject the disc the system was booted from (only applicable when booting from a live ISO or a USB installation). emerg-shutdown will detect the drive removal and will forcibly shut down the system in response.[2]

Both of these actions are expected to be fast and easy to do even in high-stress situations, while also being difficult to do by accident.

emerg-shutdown can also be used in scripts, programs, and system services to trigger an immediate shutdown. Running /run/emerg-shutdown --instant-shutdown as root will cause the system to be forcibly shut down.[3]

emerg-shutdown prioritizes shutdown speed over avoiding data loss. The system will be powered off immediately, without taking the time to sync disks, unmount filesystems, or properly terminate applications. This will cause loss of unsaved data. If disks are mounted writable, it may also cause file corruption and filesystem damage. emerg-shutdown should be used only in emergencies or when testing; it should not be used as a general system shutdown mechanism.
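A script-driven trigger of the kind described above, as an added example that is not part of the Kicksecure documentation or the security-misc code: a watchdog that fires the instant shutdown when a monitored path disappears. Only `/run/emerg-shutdown --instant-shutdown` and the root requirement come from this page; the tether path, the polling loop, and the `EMERG_BIN` and `DRY_RUN` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Kicksecure code. Only the command
# "/run/emerg-shutdown --instant-shutdown" comes from the page; the tether
# path, EMERG_BIN and DRY_RUN are hypothetical names used for illustration.
EMERG_BIN="${EMERG_BIN:-/run/emerg-shutdown}"
DRY_RUN="${DRY_RUN:-0}"   # set to 1 to rehearse without powering off

# Fire the forced power-off.
# Returns 3 when not root and 4 when the executable is missing.
emerg_trigger() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "DRY-RUN: would run $EMERG_BIN --instant-shutdown"
        return 0
    fi
    # The page states that --instant-shutdown must be run as root.
    [ "$(id -u)" -eq 0 ] || { echo "emerg_trigger: must run as root" >&2; return 3; }
    [ -x "$EMERG_BIN" ] || { echo "emerg_trigger: $EMERG_BIN not found" >&2; return 4; }
    # No sync and no unmount happen: unsaved data is lost, as the page warns.
    exec "$EMERG_BIN" --instant-shutdown
}

# Returns 0 while the tether path exists. Once it is gone, triggers the
# shutdown; returns 10 after a dry-run trigger, or the trigger's error code.
tether_check() {
    [ -e "$1" ] && return 0
    emerg_trigger || return $?
    return 10
}

# Poll the tether path every INTERVAL seconds (default 1) until it vanishes.
watch_tether() {
    while :; do
        tether_check "$1" || return $?
        sleep "${2:-1}"
    done
}

# Usage: sh tether-watch.sh /path/to/tether [interval-seconds]
if [ "$#" -gt 0 ]; then
    watch_tether "$@"
fi
```

Rehearse with `DRY_RUN=1` first: a real trigger powers the machine off without syncing disks.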

Info: emerg-shutdown bypasses ram-wipe. This may make cold boot attacks easier. A normal shutdown is therefore more secure if an attacker is not physically present. Of course, emerg-shutdown should be used if an attacker is physically present, because quick shutdown is more important than explicitly wiping memory contents in this scenario.

Info: If a normal shutdown is started (for instance by using LXQt's "Shut Down" feature, shutdown now, poweroff, or similar), systemd will kill the emerg-shutdown process. Therefore, emerg-shutdown cannot be used to power off the system if it hangs during shutdown, and it may not work if an attacker arrives after you have already started shutting down the system.

Configuration


The emergency key combination in emerg-shutdown may be configured by placing a file under /etc/security-misc/emerg-shutdown or /usr/local/etc/security-misc/emerg-shutdown. See /etc/security-misc/emerg-shutdown/30_security_misc.conf for details.

The list of supported keys is hardcoded in the emerg-shutdown source code, in the key_table variable. See /usr/src/security-misc/emerg-shutdown.c. Additional keys may be added to this list in the future if necessary.

Footnotes

  1. Why Ctrl + Alt + End? Originally Ctrl + Alt + Delete was used as the panic key, but other applications such as systemd may interpret this shortcut, and a more powerful Ctrl + Alt + Delete handler may be added to Kicksecure in the future. Ctrl + Alt + End is the keyboard shortcut used by Windows Remote Desktop Connection to send Ctrl + Alt + Delete to a remote system (https://serverfault.com/a/57233), so it was considered suitable as an "alternate Ctrl + Alt + Delete".
  2. emerg-shutdown's core executable supports a --paranoid option that will cause an immediate shutdown if any device is removed from the system. This may be useful in the future for users who need the system to shut down even if they unplug the "wrong" device. There currently is no configuration option to enable this mode.
  3. This requires root access because otherwise it would make denial-of-service attacks trivial. The usual methods of triggering emerg-shutdown don't require the ability to log in as root, but they do not pose a denial-of-service risk because they require a physically present user.