I have attached a new version of loop.c-2.4.diff to this mail. Just
uncompress the .gz file and put it to loop-AES-v1.3d directory. Then type
"make" to compile a new loop.o module.

The most important change to loop driver is to pre-allocate a specified
amount of RAM pages for loop driver's swap emergency use. Even if kernel
runs totally out of free RAM, swapper daemon can still swap to loop device
because loop device will have guaranteed buffers it needs to do the
encryption and decryption. Guaranteed buffers are only available for device
backed (partition backed) loop devices.

You must specify the number of RAM pages to reserve and the loop device
numbers that you use for swapping, by passing the loop.o module a "lo_swap"
parameter like this:

    insmod loop lo_swap=X1,Y1[,X2,Y2[,X3,Y3[,X4,Y4]]]

Where Xn is the number of RAM pages to allocate and reserve, and Yn is the
loop device index. On x86 systems page size is 4 Kbytes, some other
architectures have 8 Kbyte page sizes.

This example (on x86 architecture) would reserve 32 * 4 Kbytes of RAM to
loop device /dev/loop6 :

    insmod loop lo_swap=32,6

On my debian system I used a startup script like the one below, and put it
on /etc/rcS.d/S56encrypted-swap.sh so it executes automatically at startup.
If you use the script below, make sure you set the SWAPDEVICE and LOOPINDEX
variables to correct values. Also, make sure to disable your swap partitions
in your /etc/fstab.

--------------------- cut here ---------------------
#!/bin/sh
#
# Run this script somewhere in your startup scripts _after_ random
# number generator has been initialized and /usr has been mounted.
# (uuencode, tail and head programs usually reside in /usr/bin/)

# Note: if you loop mount something (root or /home) before running this
# script, the insmod line must be moved to execute prior to such mounts

# encrypted swap partition
SWAPDEVICE=/dev/hda666

# number of reserved pages for swap emergency pool
PAGECOUNT=32

# loop device index
LOOPINDEX=6

# loop device name without index, /dev/loop/ for devfs
LOOPBASE=/dev/loop

insmod loop lo_swap=${PAGECOUNT},${LOOPINDEX}
dd if=/dev/urandom bs=18 count=1 2>/dev/null \
    | uuencode -m - | tail -2 | head -1 \
    | losetup -p 0 -e AES128 ${LOOPBASE}${LOOPINDEX} ${SWAPDEVICE}
mkswap ${LOOPBASE}${LOOPINDEX}
swapon ${LOOPBASE}${LOOPINDEX}
--------------------- cut here ---------------------

One thing that I am not entirely happy with above script is that the amount
of entropy in kernel's PRNG may be quite low at early stages of boot. The
fact that PRNG state is saved to disk on shutdown, and reloaded at boot,
does not give much confidence. If the disk file that is used to store PRNG
state is not encrypted, it may be possible to recover internal state of PRNG
and swap encryption keys as well. The best solution is probably to encrypt
root partition, and maintain PRNG state across shutdowns in a file somewhere
on encrypted root partition.

This is still experimental, so don't install this on production systems yet.
However, if you have a spare test system, and are willing to test this, I
would very much like to receive feedback.

This patch makes swap on loop work even if kernel is totally out of RAM, but
it does not fix the VM bugs present in current 2.4 kernels. I tried a couple
of 2.4 kernels (Linus' 2.4.9, Alan's 2.4.8-ac7 and Andrea's 2.4.9aa3) and
all of them failed my torture tests, even when swapping directly to disk
partition and no loop driver was loaded.

Just to prove that my test hardware was okay, I ran my (unencrypted) torture
tests on Andrea's 2.2.19aa2 kernel as well. That kernel survived my torture
tests.

Regards, Jari Ruusu <jari.ruusu@xxxxxxxxxx>
Attachment:
loop.c-2.4.diff.gz
Description: GNU Zip compressed data
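
Added example, not part of the original mail or of loop-AES: a preflight helper that builds and validates the "lo_swap" value in the X,Y pair syntax described above and lists swap entries still enabled in an fstab-format file, which the mail says must be disabled. The function names, the "pages:index" argument form and the sample fstab are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail. Names and sample data are constructed.

# Build the lo_swap value from "pages:index" pairs such as 32:6.
# Accepts one to four pairs, matching the syntax shown in the mail.
build_lo_swap() {
    [ "$#" -ge 1 ] && [ "$#" -le 4 ] || return 1
    out=
    for pair in "$@"; do
        case "$pair" in *:*) ;; *) return 1 ;; esac
        pages=${pair%%:*}
        index=${pair#*:}
        case "$pages" in ''|*[!0-9]*) return 1 ;; esac
        case "$index" in ''|*[!0-9]*) return 1 ;; esac
        [ "$pages" -gt 0 ] || return 1
        out="${out:+$out,}$pages,$index"
    done
    printf '%s\n' "$out"
}

# RAM reserved for one pool, in Kbytes (page size: 4 on x86, 8 on some others).
reserved_kbytes() {
    echo $(( $1 * $2 ))
}

# Print swap devices still enabled in an fstab-format file ($1) that are not
# loop devices under the given base name ($2), i.e. would swap unencrypted.
plaintext_swap_entries() {
    awk -v base="$2" '
        /^[ \t]*#/ || NF < 3 { next }
        $3 == "swap" && index($1, base) != 1 { print $1 }
    ' "$1"
}

# Constructed fstab contents for the demonstration.
sample_fstab() {
    cat <<'EOF'
/dev/hda1    /     ext2  defaults  0 1
/dev/hda666  none  swap  sw        0 0
#/dev/hda5   none  swap  sw        0 0
/dev/loop6   none  swap  sw        0 0
EOF
}

tmp=$(mktemp) && sample_fstab > "$tmp"
echo "insmod loop lo_swap=$(build_lo_swap 32:6)  ($(reserved_kbytes 32 4) Kbytes reserved)"
echo "fstab swap entries to disable: $(plaintext_swap_entries "$tmp" /dev/loop)"
rm -f "$tmp"
```

The script only prints the insmod line; it does not load the module or touch any device.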