Re: Cryptoswap -- was Re: raw disk access
On Tue, Jan 14, 2003 at 10:08:22PM -0500, Hubert Chan wrote:
> >>>>> "Rolf" == Rolf Kutz <kutz@netcologne.de> writes:
>
> Rolf> * Quoting Joshua SS Miller (joshua@fitsnips.net):
> >> Cryptoswap? Hmm sound like something I was thinking about earlier
> >> today. Do you have a good resource for this?
>
> Rolf> http://www.kerneli.org/index.php
>
> Do the kerneli modules (officially) work with encrypted swap? I know
> loop-AES does, but I couldn't find anything about the kerneli
> (cryptoapi/cryptoloop) modules. (For loop-AES, do a Google search for
> it.)
>
> When encrypting swap, you need to make sure that you don't allocate new
> memory. Otherwise, it may cause some swapping, which makes you do
> encryption, which may allocate new memory, ad infinitum. loop-AES takes
> care of that explicitly, by preallocating memory, but I don't think
> cryptoapi/cryptoloop does, so you may be taking your chances with it.
Yes they do. I don't know if it's in the current release, but I
wrote a sample rc script and notes on it which should be included
in the package.
I never build a machine without it.
Reply to: