- How can we securely erase the working data while AirGap Wallet is exiting? Remember that filesystems don't overwrite files in-place so merely writing random data won't work. There must be some kind of package for this. Even better would be some program that makes a temporary, encrypted filesystem before AirGap starts - probably connected by FUSE or something. At least that way, the working directory is scrambled even if the system loses power.
Wouldn't full-disk encryption sufficient in this case?
- How to make it run inside a "network jail" where all networking is disabled or a particular process? I am thinking of something like "seccomp-bpf" that is also used in Bitcoin Core but again, there must already be some kind package for this.
- By the same vein, how can USB, serial/parallel ports, and direct peripheral access be disabled for that particular program?
Run it inside certain sandboxing/"jail", such as chroot. But at this point, i'd recommend people to use VM instead unless they're Linux expert or have lots of free time for trial-and-error.