From: Yves-Alexis Perez <corsac@debian.org>
To: Milan Broz <mbroz@redhat.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] DM-Crypt resistance against Cold Boot Attacks
Date: Thu, 19 May 2011 11:14:56 +0200 [thread overview]
Message-ID: <1305796496.9280.10.camel@oban> (raw)
In-Reply-To: <4DD4DA3C.90303@redhat.com>
On jeu., 2011-05-19 at 10:52 +0200, Milan Broz wrote:
> On 05/19/2011 10:01 AM, Yves-Alexis Perez wrote:
> > On jeu., 2011-05-19 at 09:05 +0200, Milan Broz wrote:
> >> On 05/18/2011 11:53 PM, Yves-Alexis Perez wrote:
> >>> If you read the paper, you'll noticed there's nothing to change to
> >>> dm-crypt, as the cypher is registered in the Crypto-API, it can be used
> >>> directly.
> >>
> >> TBH dmcrypt keeps its own copy of key (because key it is still part
> >> of the device-mapper mapping table so it must be available for
> >> status commands).
> >
> > In that case it'll be the “dummy” key.
>
> The logic now works that table line received from dmcrypt
> is directly usable - cryptsetup uses that e.g. for resize.
> Replacing the key with zeroes or something will break this.
I don't know enough dm-crypt arch, but aiui from the paper, everytime
you use the crypto-api to do stuff, it'll use the key in CPU debug
registers and not the dummy key. Do you mean cryptsetup resize doesn't
use the crypto-api (and will thus fail)?
>
> >> So there are some changes needed but basically technicaly unrelated
> >> to that patch.
> >> (This will hopefully change with new mapping table format soon.)
> >
> > Needed for what?
>
> You mean new table format?
No, I meant the “changes needed” :)
>
> ... etc.
>
> >>
> >> Anyway, it must be accepted into kernel crypto layer first.
> >
> > I'm not even sure it'll be submitted though.
>
> So it is just academic exercise for conferences?
No idea. Just to be clear, I'm in now way associated to that paper, I
just found it interesting after seeing the first mail in thread and
wanted to add my views about the suppossingly needed changes to
dm-crypt. But looking at their website and the papers I didn't see
anything about submitting the patch upstream. It might not be acceptable
to use the debug registers in mainline kernel though.
> > For the AES-NI one, if the hypervisor supports it (they tested on KVM)
> > yes (though the vm registers are stored in the host ram anyway).
>
> Yes, that was my point. (AES-NI works for guests but bare hw has
> of course limited hw resources.)
Note that I'm not sure it's a good idea to use encryption in a guest
anyway, at least not to protect from the host.
Regards,
--
Yves-Alexis
next prev parent reply other threads:[~2011-05-19 9:14 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-18 13:24 [dm-crypt] DM-Crypt resistance against Cold Boot Attacks Philipp Deppenwiese
2011-05-18 21:53 ` Yves-Alexis Perez
2011-05-19 7:05 ` Milan Broz
2011-05-19 8:01 ` Yves-Alexis Perez
2011-05-19 8:52 ` Milan Broz
2011-05-19 9:14 ` Yves-Alexis Perez [this message]
2011-05-19 9:36 ` Milan Broz
2011-05-18 22:03 ` Arno Wagner
2011-05-19 1:36 ` Kraktus
2011-05-19 1:37 ` Kraktus
2011-05-19 6:01 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1305796496.9280.10.camel@oban \
--to=corsac@debian.org \
--cc=dm-crypt@saout.de \
--cc=mbroz@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox