System Recovery using SysRq Key - Control-Alt-Delete (often abbreviated to Ctrl+Alt+Del, also known as the "three-finger salute" or "Security Keys") for Linux
This supposes an advanced threat model: a system where the limited user ("user") running a graphical X Window System session is a different account from the user with root/sudo permissions. The limited user account may be compromised by malware. This is already considered catastrophic under many threat models, since once malware is running it has full access to all files accessible by the user, can see all keyboard input, take over login sessions, show false information on the screen and so forth. See also The Importance of a Malware Free System. However, when multiple (virtual) machines are used for compartmentalization, it may be bad but not catastrophic. In that case another goal is to prevent root compromise, which helps to protect the virtualizer and avoid host compromise, and similarly to avoid hardware compromise. See also Prevent Malware from Sniffing the Root Password.
A broken X Window System can block switching to a virtual console. If the X Window System is capable of that, it logically follows that malware that has compromised the X Window System could do the same. "SysRq + r" can take control away from the X Window System. After that, switching to another virtual console is possible without a compromised X Window System merely simulating a virtual console login prompt and thereby sniffing the root password (login spoofing).
raw) can be used to make sure keyboard gets disconnected from X Window System.
Enable SysRq Temporarily
sudo -u root bash
echo "1" > /proc/sys/kernel/sysrq
Enable SysRq Permanently
echo "kernel.sysrq = 1" | sudo tee -a /etc/sysctl.d/50_sysrq.conf
Check if SysRq is Enabled
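One way to read the setting and see whether it permits "SysRq + r" from the keyboard. This is an added example, not part of the original wiki page. The bit values follow the kernel's SysRq documentation (0 disables everything, 1 enables everything, larger values are a bitmask); the function names and group labels are chosen here for illustration, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: decode kernel.sysrq and check whether keyboard SysRq + r is permitted.
# Function names and group labels are illustrative, not from the Whonix wiki.

SYSRQ_KEYBOARD=4   # bitmask group that contains unraw(r) and sak(k)

# sysrq_allows VALUE BIT: succeed if VALUE permits the function group BIT.
sysrq_allows() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac   # reject non-numeric input
    [ "$1" -eq 1 ] && return 0                    # 1 enables every function
    [ $(( $1 & $2 )) -ne 0 ]                      # 0 disables all; >1 is a bitmask
}

# sysrq_groups VALUE: print the enabled function groups, space separated.
sysrq_groups() {
    out=""
    for entry in 2:loglevel 4:keyboard 8:debug-dumps 16:sync \
                 32:remount-ro 64:signals 128:reboot-poweroff 256:nice-rt; do
        if sysrq_allows "$1" "${entry%%:*}"; then
            out="$out${out:+ }${entry#*:}"
        fi
    done
    printf '%s\n' "${out:-none}"
}

# sysrq_report VALUE: one-line verdict for the unraw use case described on this page.
sysrq_report() {
    if sysrq_allows "$1" "$SYSRQ_KEYBOARD"; then
        printf 'kernel.sysrq=%s: SysRq + r allowed (%s)\n' "$1" "$(sysrq_groups "$1")"
    else
        printf 'kernel.sysrq=%s: SysRq + r NOT allowed (%s)\n' "$1" "$(sysrq_groups "$1")"
    fi
}

# Constructed sample values first, then the live value when run on Linux.
for sample in 0 1 176 438; do sysrq_report "$sample"; done
if [ -r /proc/sys/kernel/sysrq ]; then
    sysrq_report "$(cat /proc/sys/kernel/sysrq)"
fi
```

The value only governs SysRq invoked from the keyboard; writing to /proc/sysrq-trigger as root is always allowed by the kernel.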
Overview of Commands
SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)
SysRq can also be used by writing to
sudo -u root bash
echo h > /proc/sysrq-trigger
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.