Re: [patch 0/5] Support for sanitization flag in low-level pageallocator
From: Pavel Machek
Date: Thu May 28 2009 - 08:48:59 EST
Hi!
> Index: linux-2.6/mm/Kconfig
> ===================================================================
> --- linux-2.6.orig/mm/Kconfig
> +++ linux-2.6/mm/Kconfig
> @@ -155,6 +155,26 @@ config PAGEFLAGS_EXTENDED
> def_bool y
> depends on 64BIT || SPARSEMEM_VMEMMAP || !NUMA || !SPARSEMEM
>
> +config PAGE_SENSITIVE
> + bool "Support for selective page sanitization"
> + help
> + This option provides support for honoring the sensitive bit
> + in the low level page allocator. This bit is used to mark
> + pages that will contain sensitive information (such as
> + cryptographic secrets and credentials).
> +
> + Pages marked with the sensitive bit will be sanitized upon
> + release, to prevent information leaks and data remanence that
> + could allow Iceman/coldboot attacks to reveal such data.
> +
> + If you are unsure, select N. This option might introduce a
> + minimal performance impact on those subsystems that make
> + use of the flag associated with the sensitive bit.
> +
> + If you use the cryptographic API or want to prevent tty
> + information leaks locally, you most likely want to enable
> + this.
This should not be configurable. Runtime config, defaulting to
'sanitize' may make some sense, but... better just be secure.
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/