What progress does the moving line show during system shut down process?

Disk encryption process or system shut down process? I always wondered: if some day I perform emergency shut-off procedure (by long-pressing power button), will be Luks disk encrypted properly or not?

The moving line is just a representation of the progress of starting/stopping all services. You can see them all by pressing ESC (escape) on your keyboard while it’s happening.

The disk will always be in an encrypted state when using luks. What could be a problem is the fact that the key to access the data could still be intact in memory.


Is that in case of an emergency shutdown?

Ideally OS should wipe the encryption key on shutdown but unfortunately right now Qubes OS is not doing it so it doesn’t matter whatever you shutdown normally or not.

1 Like

No, if you trigger any uncontrolled reset or shutdown of the system, then keys will linger in memory for a short amount of time.

It’s a relative short amount of time, normally it would only be seconds, unless you are storing the memory in a super cooled state, using liquid nitrogen or something similar.

If you allow Xen to terminate the guest VM, you can try and use the Xen option scrub-domheap=true, it should force Xen to clear the memory as soon as it’s released by the VM. I tried running it just as a test, and it doesn’t seem like it adds a little extra time to shut down of VMs, but it was only a minor time increase.

1 Like

So these keys will be there forever or they will be gone after some time? In articles about Cold Boot Attack is written that these keys live not longer than seconds after shut down.

@renehoj answered your question in the previous post.

1 Like

My undetstanding (I might be wrong):

If you wipe the keys, you’ve got some control over the process, and you know when it is happening (during the shutdown procedure).

If you don’t wipe the keys, you’re letting physics drive the decay of that information in RAM. RAM is volatile by design, so the information stored in RAM is naturally lost after the power is cut. Usually that process happens in the order of seconds, but you don’t control that, so might be more or less seconds.

Now, if you understand the physics involved, you can slow down that loss of information (e.g. lowering the temperature). If you’re really determined and prepared, you might slow down that process enough to copy some of the information before it is lost.

Of course, that requires some effort, so the typical example involves small pieces of information of relatively high value: like valuable LUKS keys. Threat modelling hint: not all LUKS keys are valuable to folks capable of copying them from RAM.

Edit: On reflection, if you’re cooling down some RAM to get sone LUKS keys, or whatever, it seems unlikely you know where in the RAM they’re located. So I guess the process likely involves making a full copy of the contents of RAM while it’s cold, and then doing the analysis to figure out what is what and which bits (pun intended) are valuable. All this to say: this is a guess, but I said “small pieces of information” and now I suppose their size doesn’t really matter. It remains that you’d only go through all those hops if the information to retrieve was really valuable to you.