Subject: Re: zero'd swap & encrypted swap
To: None <tech-kern@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 06/04/2001 14:30:58
[ On Tuesday, June 5, 2001 at 00:39:54 (+1000), Darren Reed wrote: ]
> Subject: zero'd swap & encrypted swap
>
> 2. encrypting swap
> I seriously doubt CPU is an issue here, except maybe for the likes of
> sun2.

Hmmm... I think it would be a problem on my SS1, and probably on the SS2
as well.  It would porbably be a problem on this pair of 486 laptops I
have sitting here, and with one of them only having 4MB of RAM there's
always lots of swapping going on with it!  ;-)

In fact it doesn't seem obvious to me that any CPU can be "wasted" while
the system is swapping -- certainly there is time where the CPU is idle
waiting for the I/O to complete, but that's after the I/O request has
been sent, not before!  ;-) [or conversely after the I/O is done and the
data's available].  If swap operations are always multiple I/Os then I
guess the encryption delay might only be before the first operation on
write and after the last on read, but is that _often_ the case?

>  If possible, it would be nice if there was a way to not store
> key material for swap on disk anywhere.

I thought that would be obvious.  You don't need to retrieve that
information between reboots so you don't want that key to be
long-lived.  It should be easy enough to ensure it's stored in some part
of the kernel that's not itself ever swapped out.  The only trick is in
gathering enough entropy to generate a random enough key before you have
to begin swapping....

>  Writing out of kernel memory
> on a panic to generate a crash dump should be disabled if encrypted
> swap is in use.

and I think that should be self-obvoius too.....  (unless you make the
swap key long-lived too and you encrypt the dump on the way out)

Beyond the risk of latent recordings being recovered I'm still not
really sure what you gain by encrypting swap (eg. over zeroing it on
shutdown).  Maybe if your kernel panics (and even if it doesn't dump)
and then you expose the machine physically (or it's something like a
laptop -- in which case obviously your filesystems are encrypted with
some long-living key, right? :-), then you might risk some exposure of
recently used data, but is encrypted swap really worth it?  I guess it
depends on what kind of data you work with on an already physically
exposed machine!  :-)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>