Re: crypted swapspace?

Lucca (sdlucca@mindspring.com)
Tue, 14 Dec 1999 14:55:49 -0800 (PST)


>But "swap space" is different: It is completely acceptable if the
>kernel grabs a random key from the entropy pool on the first swap.

That's a good idea. Linux already has a beautiful API for encrypted block
devices (to be used for filesystems ultimately) that is available at
http://www.kerneli.org/ .

From what I understand, those can't be used to make a secure swap
partition because they occasionally need to allocate more memory. A
swap-out would cause a very nasty catch-22.

I know very little about "strong" cryptographic algorithms, so I'm not
sure if any exist that would have reasonably stable memory usage.

Also... grabbing a key from the entropy available at "first swap" isn't
necessarily a good idea. What if there isn't enough entropy? Go
insecure? Worse, block until entropy replenishes... (as is normal for
/dev/random) yuck.

Many distributions have a random seed they store when they shut down, and
restore when they start up. This keeps a sufficient level of entropy, but
then you are depending on userland to do something before swapping is
necessary. This isn't necessarily bad; after all, userland needs to
/sbin/swapon before anything happens anyway. The mounting of the swap
seems to be the logical place to pull a key out of entropy.

Lucca
lucca@acm.org
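As an added illustration (not code from the original post, and not the kerneli.org block-device API it links to), the following Python models the scheme the thread sketches: a swap key drawn from the kernel's entropy source once, at swapon time, kept only in RAM, and used to encrypt every page on its way to disk. HMAC-SHA256 run in counter mode stands in for a real block cipher so the example needs only the standard library; the sector size, the `draw_swap_key` policy (refuse rather than block or fall back to a weak key when the pool is not ready), and the sample pages are all constructed for this example.

```python
import hashlib
import hmac
import os
import struct

SECTOR = 512  # bytes per swap sector in this model (constructed value)


def draw_swap_key(length=32):
    """Fetch the swap key from the kernel CSPRNG at 'swapon' time.

    Policy (an assumption of this example): never block the caller and never
    degrade to a weak key. On Linux, getrandom(GRND_NONBLOCK) raises
    BlockingIOError if the entropy pool is not yet initialised; we let that
    propagate so swapon fails loudly instead of silently going insecure.
    On platforms without os.getrandom, fall back to os.urandom().
    """
    if hasattr(os, "getrandom"):
        return os.getrandom(length, os.GRND_NONBLOCK)  # raises if pool not ready
    return os.urandom(length)


class EncryptedSwap:
    """Swap device whose contents are encrypted under a key that lives only in
    RAM. `disk` is the byte array that actually reaches the medium."""

    def __init__(self, sectors, key=None, disk=None):
        self.key = key if key is not None else draw_swap_key()
        self.disk = disk if disk is not None else bytearray(sectors * SECTOR)

    def _keystream(self, sector, length):
        # HMAC-SHA256 as a PRF in counter mode: block i of sector s is
        # HMAC(key, s || i). Each (sector, counter) pair is used once per key,
        # so identical pages at different sectors encrypt differently.
        out = bytearray()
        i = 0
        while len(out) < length:
            out += hmac.new(self.key, struct.pack(">QQ", sector, i),
                            hashlib.sha256).digest()
            i += 1
        return bytes(out[:length])

    def swap_out(self, sector, page):
        """Encrypt a page on its way to disk."""
        if len(page) != SECTOR:
            raise ValueError("page must be exactly one sector")
        ks = self._keystream(sector, SECTOR)
        self.disk[sector * SECTOR:(sector + 1) * SECTOR] = bytes(
            p ^ k for p, k in zip(page, ks))

    def swap_in(self, sector):
        """Decrypt a page on its way back from disk."""
        ct = self.disk[sector * SECTOR:(sector + 1) * SECTOR]
        ks = self._keystream(sector, SECTOR)
        return bytes(c ^ k for c, k in zip(ct, ks))


def reboot_leaves_swap_unreadable():
    """After a 'reboot' a fresh key is drawn; the old sectors still on the
    medium decrypt to garbage, which is the property the thread is after."""
    page = bytes([0x41]) * SECTOR  # constructed sample page
    before = EncryptedSwap(sectors=2)
    before.swap_out(0, page)
    after = EncryptedSwap(sectors=2, disk=before.disk)  # new key, same medium
    return after.swap_in(0) != page


def identical_pages_differ_on_disk():
    """Same plaintext page at two sectors must not produce equal ciphertext."""
    page = bytes(range(256)) * 2  # constructed 512-byte page
    dev = EncryptedSwap(sectors=2, key=b"\x07" * 32)  # fixed key for determinism
    dev.swap_out(0, page)
    dev.swap_out(1, page)
    return bytes(dev.disk[:SECTOR]) != bytes(dev.disk[SECTOR:2 * SECTOR])


if __name__ == "__main__":
    dev = EncryptedSwap(sectors=4)
    sample = os.urandom(SECTOR)
    dev.swap_out(2, sample)
    print("round trip ok:", dev.swap_in(2) == sample)
    print("unreadable after reboot:", reboot_leaves_swap_unreadable())
```

The model deliberately leaves out the problem the post raises about the cipher needing to allocate memory: in a real kernel implementation the key and the cipher's working state must live in memory that can never itself be paged out, otherwise a swap-out of the cipher state would require the cipher. It also makes the entropy decision explicit at swapon rather than at first swap, which is the point of doing it from userland's `/sbin/swapon` path.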

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/