encrypted swap (was Re: [PATCH encrypted swsusp 1/3] core functionality)

[Andy Isaacson]

On Thu, Apr 14, 2005 at 09:39:04AM +1000, Herbert Xu wrote:
> > Andreas is right. They are encrypted in swap, but they should not be
> > there at all. And they are encrypted by key that is still available
> > after resume. Bad.
> 
> The dmcrypt swap can only be unlocked by the user with a passphrase,
> which is analogous to how you unlock your ssh private key stored
> on the disk using a passphrase.

Does dmcrypt have a simple operation mode like OpenBSD's encrypted swap?
I want to be able to 'sysctl -w kernel.swap_crypt=1' and get

 * pages are encrypted as they're written to swap
 * the key is automatically regenerated every 2 hours (or whatever); as
   pages encrypted under the old key age out, it can be freed eventually
 * I don't have to manage keys, choose algorithms, futz with /etc/fstab,
   figure out complex configs for /dev/loopN, etc

In fact, I want swap_crypt=1 to be the default (you can turn it off for
embedded systems if you want), but giving me an easy knob is a good
start for 2.6.

Everything I've seen makes me think that configuring dmcrypt is hard.
Don't make users make useless choices.  Sure, there are cases where the
complexity is warranted, but please make the 90% solution easy.

-andy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/