Subject: Re: encrypted swap?
To: None <wojtek@wojtek.3miasto.net>
From: Lord Isildur <mrfusion@umbar.vaxpower.org>
List: tech-kern
Date: 06/04/2001 10:11:24
I think the zero-out the swap on shutdown is more important than the
encryption while running, and should be a lot easier and less painful on
cpu. if someone can compromise the system enough to get permissions to
read the swap device directly (if it's properly protected to begin with)
then he can directly read kmem or do anything else he wishes with the
system anyhow. however, i would say that an attack on a swap device is most
likely and serious when a machine is offline and the device can be physically
manipulated, and there, zeroing out at shutdown is a pretty cheap way to
defeat that. that would be a very useful thing to have. actually it could
also be done by just dd'ing /dev/zero to the swap devices listed in
/etc/fstab, from the shutdown or halt commands...
is there any hardware that encrypts/decrypts data to/from disk? that's where
it ought to be done.. (of course, i think network interfaces ought to do
encryption in hardware too :-)
my .02
isildur
On Mon, 4 Jun 2001 wojtek@wojtek.3miasto.net wrote:
> > >
> > > Has anyone looked at the encrypted swap option Niels Provos added
> > > to UVM in OpenBSD?
> >
> > No, but I've been thinking about what it'd take to add that sort of
> > feature to NetBSD.
>
> is your machine too fast?
>
> > I'm also interested in adding a "zero-swap on shutdown" feature that
> > writes 0's over the entire swap partition when the box is shutdown
> > normally (not a panic).
>
> this make more sense.
>
>
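The "dd /dev/zero over every swap device in /etc/fstab at shutdown" idea from the reply above, worked out as an added example. This is not code from the mail or from NetBSD; it assumes a shutdown hook calls `zero_all_swap /etc/fstab` after swap has already been deactivated (on NetBSD, `swapctl -d` per device), since zeroing a swap device the kernel is still paging to would corrupt swapped-out memory. The fstab contents and file names used in the comments are constructed samples. As the original mail notes, this only runs on a clean shutdown, so a panic or a pulled plug still leaves swap contents on disk.

```shell
#!/bin/sh
# Added example (not from the original mail): zero swap devices listed in
# an fstab-format file as part of a clean shutdown.

# swap_devices FSTAB
# Print the device column of every non-comment line whose fs type is "swap".
# Constructed sample line it matches:  /dev/wd0b  none  swap  sw  0  0
swap_devices() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# zero_device PATH
# Overwrite PATH with zeros. A block or character device is written until
# dd reaches end-of-device (dd then exits non-zero; that is the expected
# stop condition, so its status is ignored). A regular file is accepted as
# a stand-in for a device so the logic can be exercised without real swap;
# it is overwritten in place (conv=notrunc) for exactly its current size.
zero_device() {
    dev="$1"
    if [ -f "$dev" ]; then
        bytes=$(wc -c < "$dev" | tr -d ' ')
        dd if=/dev/zero of="$dev" bs=1 count="$bytes" conv=notrunc 2>/dev/null
    elif [ -b "$dev" ] || [ -c "$dev" ]; then
        dd if=/dev/zero of="$dev" bs=1048576 2>/dev/null
    else
        echo "zero_device: $dev is not a device node or regular file" >&2
        return 1
    fi
    return 0
}

# zero_all_swap FSTAB
# Zero every swap device FSTAB lists. Returns non-zero if any device fails.
# Assumption: the caller has already deactivated swap on these devices.
zero_all_swap() {
    swap_devices "$1" | while read -r dev; do
        zero_device "$dev" || exit 1
    done
}
```

Run it as the last step of the shutdown path, after swap is turned off and before the filesystems are unmounted read-only; the `tr -d ' '` around `wc -c` is there because BSD `wc` pads its output with spaces.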