RE: encrypt ramdisk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Could anyone anwser my question?

Many many thanks..

Lei

-----Original Message-----
From: linux-kernel-owner@xxxxxxxxxxxxxxx
[mailto:linux-kernel-owner@xxxxxxxxxxxxxxx]On Behalf Of Lei Yang
Sent: Tuesday, July 20, 2004 10:04 AM
To: Linux-Kernel (E-mail)
Subject: Re: encrypt ramdisk


Well, I've asked questions about executable on ramdisk on this mailing list and got a lot of useful information here. Most say that since code is already in RAM (as it is in ramdisk), it will be mapped to process address space (text segment) and run in place. This seems very reasonable to me -- kernel will optimize the ram usage and should prevent duplicate copy of code in ram. 

Now I am very confused about loopback device and block device and ...., could anyone please tell me what I should read or where I should refer to so that I can get a better understanding as how this all works inside? I've been searching around and it seems that all the documents are about how to use a loopback device, none of them (as far as I can see) include a good description as how it actually works and what the kernel does to make it work.

Thanks very much! Really appreciate any help.
Lei

-----Original Message-----
From: Jan Hudec [mailto:bulb@xxxxxxxxxxxxxxxxxx]On Behalf Of Jan Hudec
Sent: Monday, July 19, 2004 7:23 PM
To: Lei Yang
Cc: kernelnewbies@xxxxxxxxxxxx
Subject: Re: encrypt ramdisk


On Mon, Jul 19, 2004 at 11:51:43 -0400, Lei Yang wrote:
> Hello,
> 
> Can I set up a ramdisk and use loopback encryption to encrypt it?
> As far as I understand, the OS will keep data encrypted on the hard 
> disk at all times and decrypts it in RAM only as it's read. So an encrypted 
> executable on physical hard disk will be decrypted page by page upon
> reading to RAM. But what happens to an executable sitting in ramdisk?
> Can I also encrypt it? Since the code is in RAM, it should be running in place,
> how do kernel deal with encrypted code and run? 

A code on ramdisk will NOT be running inplace. A code on tmpfs will --
and you can't mount that over loopback.

There are two layers -- a block device and a filesystem. The block
device reads and writes blocks -- and from filesystem's point of view,
it does not matter where they are stored in the end.

A ramdisk is a block device. The filesystem talks to it as if it was
a real disk.

The loopback is a virtual block device implemented in terms of something
able to read and write -- which might be another block device or a file.
Even if ramdisk was optimized to not copy the data (I really don't know
whether it is), it wouldn't affect it's behaviour. The loopback reads
the data, filters them and passes them on to the filesystem, copying
them in the process.

On the other hand tmpfs is a filesystem that does not use block device.
It keeps the data in cache. So they are executed and mmapped in place,
but there is no place to put a crypto loop in.

> Any comments?
> 
> Thanks in advance!
> Lei
> 
> --
> Kernelnewbies: Help each other learn about the Linux kernel.
> Archive:       http://mail.nl.linux.org/kernelnewbies/
> FAQ:           http://kernelnewbies.org/faq/
> 
-------------------------------------------------------------------------------
						 Jan 'Bulb' Hudec <bulb@xxxxxx>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/



[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux