Date: Wed, 14 May 2003 06:06:56 -0400 (EDT)
From: Ahmed Masud
To: Yoav Weiss
Cc: Linux Kernel Mailing List
Subject: Re: encrypted swap [was: The disappearing sys_call_table export.]

On Wed, 14 May 2003, Yoav Weiss wrote:

> On Tue, 13 May 2003, Ahmed Masud wrote:
>
> Yes, it sounds like an interesting project.  Check out OpenBSD's paper
> about this: http://www.openbsd.org/papers/swapencrypt.ps

Thank you for this paper, it is a fun read. I do think however that a few
implementation differences should take place:

1. We should not enforce Rijndael as the only choice.

2. Every page should be encrypted iff it is marked with some flag. This
   gives a generic enough hook to create a swap_encrypt_policy type
   function to determine whether it is desirable to encrypt a particular
   page or not.

2a. The above flag may also be set or cleared by the page-owner process
    on a page-to-page basis (something akin to mlock()).

3. A slightly more sophisticated timeout framework should be created with
   the ability to enforce expiry or request expiry extensions (up to some
   type of a system hard limit?) on a per-page basis.

Please comment.

This is an aside: should we do anything about core dumps?

> Let me know when you get it rolling.  I'll try to help where I can.
> I just hope it has a chance to be included.

I will start looking at it seriously within the next couple of days
actually. I looked at the swap stuff in mm code yesterday for the first
time and it seems (eerily) straightforward, and I know I am going to run
into an unseen brick wall :-).

I would suspect that somewhere between the I/O request generated by
swap_readpage and swap_writepage crypto can be hooked in... haven't yet
determined where/when the key generations should take place.

Cheers,

Ahmed Masud.