ram-wipe - Wipe RAM on shutdown and reboot

From Kicksecure

Wipe RAM at shutdown to prevent information extraction from memory.

ram-wipe is a software project designed to protect against RAM extraction attacks by erasing the contents of a computer's random access memory (RAM) when the system is shut down or restarted. This helps prevent attackers from recovering sensitive data that may have been temporarily stored in RAM.

ram-wipe is especially useful for organizations that work with confidential information and need an extra layer of security. By clearing the RAM during shutdown or reboot, ram-wipe reduces the risk of data theft through RAM extraction and improves overall system security.

Introduction

RAM extraction attacks have been a known method to steal information from computers since at least 2008. [1] Many people assume that all data in RAM disappears as soon as a computer is turned off, but this isn’t always true. In some cases, the contents of RAM can remain for several seconds or even minutes after power loss.

Research by 3MDEB [2] confirms that this type of attack still works with modern RAM like DDR4 and DDR5, which are common in today’s computers. Sometimes RAM is wiped instantly after shutdown or power loss, but in many cases the contents can stay for a few seconds, or even minutes.

Since at least 2011, the Linux live operating system Tails has included a RAM wiping feature during shutdown. [3] (Live systems are run from USB sticks or DVDs.) However, Tails’ documentation explains that this feature has limitations.

Until recently, no other Linux distributions like Debian or Fedora included RAM wiping by default.

In 2023, the ram-wipe package was released as a new solution. It wipes RAM during Linux kernel reboot or shutdown sequences, helping prevent data from being recovered later. There has also been a ram-wipe security audit by 3MDEB in 2025.

ram-wipe works on Debian, Kicksecure, and possibly other Linux systems. It can also be adapted for other Linux-based setups or devices.

The tool uses a dracut module, a plugin for the Dracut tool, which helps create the early environment used when the system boots. Many Linux distributions already include Dracut, so packaging ram-wipe for other systems is easier.

ram-wipe is free to use and Open Source. The source code is available and has minimal dependencies (which are other software that must be present for a program to work). It is also Freedom Software, meaning anyone can study, modify, and share it under its license.

However, software-based RAM wiping (like ram-wipe or the feature in Tails) has a key limitation: it only works if the system shuts down properly. For example, it will not protect against some cold boot attacks in which the device suddenly loses power (for example, when the power supply is unplugged) and the software execution flow is broken. In such a case, ram-wipe does not get a chance to run.

For technical details on ram-wipe using initramfs-tools (a tool for building the early boot environment, similar to Dracut), see: Status of initramfs-tools Support.

See also:

Installation of ram-wipe

1. Platform-specific notice.

  • Debian: Debian comes with initramfs-tools by default.
  • Kicksecure: Newer builds of Kicksecure come with dracut by default.
  • Qubes: Unsupported. [4]

2. Migrate to dracut. [5]

It's required to migrate to dracut if not already done. See instructions on the dracut wiki page to find out if dracut is already installed and to find instructions on how to install it.

3. Reboot.

This is to test if dracut is functional. If the system boots normally, then everything is okay.

4. Add Kicksecure APT repository.

Note: Users of Kicksecure can skip this step.

1. Download the Signing Key.

wget https://www.kicksecure.com/keys/derivative.asc

2. Optional: Check the Signing Key for better security.

3. Add Kicksecure signing key.

sudo cp derivative.asc /usr/share/keyrings/derivative.asc

4. Kicksecure APT repository choices.

Optional: See Kicksecure Packages for Debian Hosts and Kicksecure Host Enhancements instead of the next step for more secure and complex options.

5. Add Kicksecure APT repository.

echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

5. Install ram-wipe.

sudo apt update

sudo apt install ram-wipe

6. Done.

The process of installing ram-wipe has been completed.
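One way to carry out the optional "Check the Signing Key" step before the key is copied into /usr/share/keyrings, as an added example that is not part of the Kicksecure instructions. The function names are hypothetical, the sample listing is constructed, and the expected fingerprint is a placeholder that has to come from an independent channel; a 40-hex-digit (v4) fingerprint is assumed.

```shell
#!/bin/sh
# Added example: compare the fingerprint of a downloaded key file with a
# fingerprint obtained out of band before trusting the key for APT.

# Normalise a fingerprint: strip spaces and colons, upper-case the hex.
norm_fpr() { printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'; }

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: the first "fpr" record that follows a "pub" record.
primary_fpr() {
    awk -F: '$1=="pub"{p=1; next} p && $1=="fpr"{print $10; exit}'
}

# Exit 0 only if both fingerprints are 40 hex digits long and identical.
fpr_equal() {
    a=$(norm_fpr "$1"); b=$(norm_fpr "$2")
    [ ${#a} -eq 40 ] && [ "$a" = "$b" ]
}

# verify_key_file FILE EXPECTED_FPR
# Inspects FILE without importing it into any keyring.
verify_key_file() {
    actual=$(gpg --show-keys --with-colons "$1" 2>/dev/null | primary_fpr)
    fpr_equal "$actual" "$2"
}

# Constructed sample of a colon-format listing (not the Kicksecure key).
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1400000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1400000000::X::Example Key <key@example.invalid>::::::::::0:
sub:-:4096:1:0123456789ABCDEF:1400000000::::::e::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Demo on the constructed listing: prints the primary fingerprint only.
printf '%s\n' "$SAMPLE_LISTING" | primary_fpr

# Intended use (EXPECTED is a placeholder, fill it in from a trusted source):
#   EXPECTED='<fingerprint obtained from an independent channel>'
#   verify_key_file derivative.asc "$EXPECTED" &&
#       sudo cp derivative.asc /usr/share/keyrings/derivative.asc
```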

Host vs VMs

ram-wipe is useful on the host operating system but not so much inside a VM. See also Dev/RAM_Wipe#ram-wipe_Testing_inside_a_VM.

Sample Printout

Boot Printout

[  OK  ] Reached target initrd.target - Initrd Default Target.
         Starting dracut-pre-pivot.service - dracut pre-pivot and cleanup hook...
[    8.686156] dracut-pre-pivot[763]: INFO: wipe-ram-needshutdown.sh: Calling dracut function need_shutdown to drop back into initramfs at shutdown, OK.
[  OK  ] Finished dracut-pre-pivot.service - dracut pre-pivot and cleanup hook.

Shutdown Printout

[   42.474323] dracut INFO: wipe-ram.sh: RAM extraction attack defense... Starting RAM wipe pass during shutdown...
[   42.501159] dracut INFO: wipe-ram.sh: RAM wipe pass completed, OK.
[   42.502837] dracut INFO: wipe-ram.sh: Checking if there are still mounted encrypted disks...
[   42.508801] dracut INFO: wipe-ram.sh: Success, there are no more mounted encrypted disks, OK.
[   42.530125] reboot: Restarting system

ram-wipe Known Issues

  • Wiping the video RAM (the RAM of the graphics card) has not been implemented anywhere to the knowledge of the author. [6]

Unmount Encrypted Root Disk to Wipe Full Disk Encryption Key

To wipe the LUKS full disk encryption (FDE) key for the root disk from RAM, it is required to unmount the root disk file system and close the root disk LUKS volume during the shutdown process.

This has been implemented as per dracut shutdown hook to close encrypted devices and wipe their encryption keys from kernel memory.

ram-wipe attempts to check if unencrypted root disks have been unmounted at the end of the shutdown process and to inform the user in case of potential failures.
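A check over captured console output (for example from a serial console) that confirms the wipe pass and the encrypted-disk check both reported success, as an added example that is not ram-wipe's own code. The function names and verdict words are hypothetical; the matched strings are only those shown in the Boot Printout and Shutdown Printout above, so a missing line is reported as unconfirmed rather than matched against any failure text.

```shell
#!/bin/sh
# Added example, not ram-wipe's own code. It matches only the message
# strings shown in the sample printouts on this page.

# Boot log on stdin: exit 0 if the hook that arms the shutdown wipe ran.
ram_wipe_armed() {
    grep -qF 'wipe-ram-needshutdown.sh: Calling dracut function need_shutdown'
}

# Shutdown console log on stdin: print a verdict, exit 0 only for "ok".
check_ram_wipe_log() {
    log=$(cat)
    has() { printf '%s\n' "$log" | grep -qF -- "$1"; }
    if ! has 'wipe-ram.sh: RAM extraction attack defense... Starting RAM wipe pass'; then
        echo "not-started"; return 1        # wipe hook never ran
    fi
    if ! has 'wipe-ram.sh: RAM wipe pass completed, OK.'; then
        echo "incomplete"; return 1         # started, but no completion line
    fi
    if ! has 'wipe-ram.sh: Success, there are no more mounted encrypted disks, OK.'; then
        echo "disks-unconfirmed"; return 1  # wipe done, key removal not confirmed
    fi
    echo "ok"
}

# Constructed input: the shutdown printout from this page.
SAMPLE_SHUTDOWN='[   42.474323] dracut INFO: wipe-ram.sh: RAM extraction attack defense... Starting RAM wipe pass during shutdown...
[   42.501159] dracut INFO: wipe-ram.sh: RAM wipe pass completed, OK.
[   42.502837] dracut INFO: wipe-ram.sh: Checking if there are still mounted encrypted disks...
[   42.508801] dracut INFO: wipe-ram.sh: Success, there are no more mounted encrypted disks, OK.
[   42.530125] reboot: Restarting system'

# Demo: classify the sample.
printf '%s\n' "$SAMPLE_SHUTDOWN" | check_ram_wipe_log
```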

Status

  • ram-wipe is installed by default in Kicksecure 18 (and above).

Development

Footnotes
