Hello,

I've written an encryption package for Linux. It encrypts files belonging to chosen user groups and also encrypts swap. This is what I did for swap encryption, in mm/page_io.c:

    rw_swap_page_base(int rw, swp_entry_t entry, struct page *page, int wait)
    {
        ...
        if (write operation)
            encrypt(page);
        increment page->count      /* usage counter */
        brw_page(page, ...);       /* do the actual writing */
        wait_on_page(page);
        decrypt(page);
        decrement page->count      /* usage counter */
        ...
    }

Without encryption:
----------------------------
The function is async: if it's a write operation, the function exits without waiting.

When I added encryption:
-------------------------------------
I encrypt the page before it's written to swap and decrypt it after the write operation is over.

IF I don't decrypt after the write operation, it may be accessed (it may be a shared page) elsewhere, by something else, before it's freed. That will result in reading of encrypted data... that's bad.

IF I decrypt the page before completion of IO, I may write a half-encrypted page to swap... system crashes.

So, I have to wait_on_page (wait for IO to complete), then decrypt that page -- restore it to its original state. So, the function is no longer async, plus that redundant decrypt (for write operations).

Is there any better way to encrypt swap while keeping the transparency and the async nature of swap IO?

The key I use for encrypting swap is a function of system boot time. In case the swap device is stolen, it would require knowledge of the last system boot time to read it. To introduce true randomness, I need the user to enter some garbage on the keyboard during startup (the user should NOT remember it!). Please let me know how I can prompt the user at startup... before the first time swap is used... during kernel init.

Thanking you and best regards
- anand.

------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
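The alternative the poster is asking about, as an added example that is not part of the original message or of the poster's package: instead of encrypting the shared page in place and then having to wait for the IO so it can be decrypted again, the write path copies the page into a private bounce buffer, encrypts only the bounce buffer, submits that for IO and returns immediately; the completion callback frees the bounce buffer. The original page is never modified, so other users of a shared page keep seeing plaintext, and the swap-out stays asynchronous. On swap-in the page is not yet visible to anyone, so decrypting it in place from the completion callback is safe. This is a user-space simulation, not kernel code: the device queue (submit_bio/device_run), the bio struct, the page-sized buffers and the constant swap_key are all constructed for the example, and keystream_xor is a stand-in keystream (xorshift64 seeded from key and swap slot), not a real cipher. A real implementation would use a block cipher in a mode such as CTR or XTS with the swap slot as nonce/tweak, keyed from random bytes rather than from boot time.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096
#define NSLOTS 8

/* Stand-in keystream: NOT a real cipher (assumption for this example).
 * Deterministic in (key, slot), so XOR-ing twice restores the plaintext. */
static void keystream_xor(uint8_t *buf, size_t len, uint64_t key, uint64_t slot)
{
    uint64_t x = key ^ (slot * 0x9E3779B97F4A7C15ULL);
    for (size_t i = 0; i < len; i++) {
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;   /* xorshift64 step */
        buf[i] ^= (uint8_t)x;
    }
}

/* Simulated block IO request (hypothetical stand-in for a kernel bio). */
struct bio {
    uint8_t *buf;                /* buffer the "device" copies from / into */
    uint64_t slot;               /* swap slot on the simulated device */
    int write;
    void (*end_io)(struct bio *);
};

static uint8_t swapdev[NSLOTS][PAGE_SIZE];   /* constructed swap device */
static struct bio *pending[16];
static int npending;

/* Queue an IO and return at once; nothing touches the buffers until device_run. */
static void submit_bio(struct bio *b) { pending[npending++] = b; }

/* Simulated device: completes every queued request and runs its end_io. */
static void device_run(void)
{
    for (int i = 0; i < npending; i++) {
        struct bio *b = pending[i];
        if (b->write) memcpy(swapdev[b->slot], b->buf, PAGE_SIZE);
        else          memcpy(b->buf, swapdev[b->slot], PAGE_SIZE);
        b->end_io(b);
    }
    npending = 0;
}

static uint64_t swap_key = 0x0123456789ABCDEFULL;  /* assumption: stands in for RNG output */

/* Ciphertext only ever lived in the bounce buffer; drop it when the write lands. */
static void bounce_write_done(struct bio *b) { free(b->buf); free(b); }

/* Swap-out: encrypt a private copy, submit it, return without waiting.
 * The caller's page is never modified, so sharers keep reading plaintext. */
static int swap_write_async(const uint8_t *page, uint64_t slot)
{
    struct bio *b = calloc(1, sizeof *b);
    uint8_t *bounce = malloc(PAGE_SIZE);
    if (!b || !bounce) { free(b); free(bounce); return -1; }
    memcpy(bounce, page, PAGE_SIZE);
    keystream_xor(bounce, PAGE_SIZE, swap_key, slot);
    b->buf = bounce; b->slot = slot; b->write = 1; b->end_io = bounce_write_done;
    submit_bio(b);
    return 0;
}

/* Swap-in completion: the page is still locked and unpublished, so decrypting
 * it in place here is safe and needs no extra copy. */
static void read_done(struct bio *b)
{
    keystream_xor(b->buf, PAGE_SIZE, swap_key, b->slot);
    free(b);
}

static int swap_read_async(uint8_t *page, uint64_t slot)
{
    struct bio *b = calloc(1, sizeof *b);
    if (!b) return -1;
    b->buf = page; b->slot = slot; b->write = 0; b->end_io = read_done;
    submit_bio(b);
    return 0;
}

/* Checks the three properties the poster needs: the page stays plaintext while
 * the write is in flight, the device holds ciphertext, and a swap-in restores
 * the original bytes. Returns 1 on success, 0 on any failure. */
static int demo(void)
{
    static uint8_t page[PAGE_SIZE], original[PAGE_SIZE], page2[PAGE_SIZE];
    for (int i = 0; i < PAGE_SIZE; i++) page[i] = (uint8_t)(i * 7 + 3);
    memcpy(original, page, PAGE_SIZE);

    if (swap_write_async(page, 2) < 0) return 0;
    if (memcmp(page, original, PAGE_SIZE) != 0) return 0;   /* in flight: still plaintext */
    device_run();
    if (memcmp(swapdev[2], original, PAGE_SIZE) == 0) return 0; /* device: not plaintext */

    memset(page2, 0, PAGE_SIZE);
    if (swap_read_async(page2, 2) < 0) return 0;
    device_run();
    return memcmp(page2, original, PAGE_SIZE) == 0;         /* swap-in: restored */
}
```

The cost of this design is one extra page allocation and copy per swap-out, which is the price of not touching a page that other mappings may still be reading; the wait_on_page and the second decrypt in the original sketch both disappear, and the only in-place decrypt left is on the read path, where the page is not yet visible to anyone.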