Unweitze Enweister wrote:
> In an implementation of loop-aes with keyscrubbing enabled, how does one
> verify that the keyscrub is actually being done for all aes keys in
> memory?
If you want to only check if AES key scrubbing was enabled at compile time,
then you can check your kernel logs for "loop: AES key scrubbing enabled"
message. That message gets written to kernel logs when loop driver is
initialized at module load time or when built-in-to-kernel loop driver is
initialized at boot time.
Or, if you want to see each pointer scrubbed, then you can add this code
printk("loop: scrubbing key at 0x%lX\n" (unsigned long)p);
to end of line 130 in glue.c file in loop-AES-v3.2a source directory. Then
recompile and load new module to kernel. It will flood your kernel logs when
there are one or more initialized AES encrypted loop devices set up.
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
