From: Nigel Cunningham <ncunningham@linuxmail.org>
To: Andrea Arcangeli <andrea@novell.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
Chris Wright <chrisw@osdl.org>, Jeff Garzik <jgarzik@pobox.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@osdl.org>
Subject: Re: mlock(1)
Date: Sat, 25 Sep 2004 22:21:21 +1000 [thread overview]
Message-ID: <1096114881.5937.18.camel@desktop.cunninghams> (raw)
In-Reply-To: <20040925010759.GA3309@dualathlon.random>
Howdy.
On Sat, 2004-09-25 at 11:07, Andrea Arcangeli wrote:
> We could use the cryptoloop or dm-crypto and everything would work fine
> if we were ok to re-run mkswap after every reboot (right after choosing
> the random password). But it sounds just simpler to leave the swap
> header in cleartext. The swap header and the swap metadata in general,
> are the only thing that can be written in cleartext safely.
>
> So when suspend kicks in, it will have only to write by hand into the
> swap device, using the a secondary password asked to the user by the
> suspend procedure. This will be the only password asked to the user.
Yes, that's exactly what I was thinking too: header & metadata in plain
text, data proper encrypted. Fits perfectly with suspend's current modus
operandi too.
> Resume will then ask the user for the same password again. It'd be also
> nice to waste 4k of swap space have a check to know if the resume
> password is ok and to avoid a kernel crash if I do a typo ;). Not being
> able to resume is still nicer than a potentially (though very unlikely)
> fs-corrupting kernel crash.
There must be some way of being able to check the password is correct
without compromising security by encrypting static text and storing it
at a known location! Darned if I know what it is though.
> This I believe should work safely. As far as suspend is concerned we
> could also use cryptoloop instead of interfacing swap directly with
> cryptoapi, then suspend should simply overwrite the swap header and
> resume should reistantiate it (could even be saved in encrypted form in
> another suspend-block), but then we'd need to run mkswap every boot and
> that's not nice. Leaving the swap metadata in cleartext sounds a lot
> nicer to avoid mkswap and to still choose random swap password at every
> reboot.
Perhaps it will help here to say that suspend plays nicely with swapping
at the moment. All of the implementations use the normal swap allocation
routines to get and free the pages they write to, and they also only
change (reverseably) the ten-character header on the header page (not
the data itself). (The SWAP-SPACE or SWAPSPACE2 sig). You thus don't
have to re-mkswap after suspending. Writing the image is done using
submit_bio, not the swapspace specific routines.
Regards,
Nigel
next prev parent reply other threads:[~2004-09-25 12:19 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-24 19:57 mlock(1) Jeff Garzik
2004-09-24 20:15 ` mlock(1) Neil Horman
2004-09-24 20:21 ` mlock(1) Neil Horman
2004-09-24 20:31 ` mlock(1) Lee Revell
2004-09-24 20:33 ` mlock(1) Jeff Garzik
2004-09-24 20:39 ` mlock(1) Lee Revell
2004-09-24 20:22 ` mlock(1) Chris Wright
2004-09-24 20:41 ` mlock(1) Chris Friesen
2004-09-24 20:46 ` mlock(1) Chris Wright
2004-09-24 20:54 ` mlock(1) Chris Friesen
2004-09-24 20:59 ` mlock(1) Chris Wright
2004-09-24 22:48 ` mlock(1) Ryan Cumming
2004-09-24 21:07 ` mlock(1) Alan Cox
2004-09-24 22:19 ` mlock(1) Chris Wright
2004-09-24 22:30 ` mlock(1) Jeff Garzik
2004-09-24 23:08 ` mlock(1) Chris Wright
2004-09-24 22:59 ` mlock(1) Andrea Arcangeli
2004-09-24 23:46 ` mlock(1) Nigel Cunningham
2004-09-25 1:07 ` mlock(1) Andrea Arcangeli
2004-09-25 1:21 ` mlock(1) David Lang
2004-09-25 1:30 ` mlock(1) Andrea Arcangeli
2004-09-25 1:46 ` mlock(1) Valdis.Kletnieks
2004-09-25 2:15 ` mlock(1) Andrea Arcangeli
2004-09-25 2:46 ` mlock(1) Valdis.Kletnieks
2004-09-25 2:58 ` mlock(1) Andrea Arcangeli
2004-09-25 3:29 ` mlock(1) Valdis.Kletnieks
2004-09-25 4:07 ` mlock(1) Andrea Arcangeli
2004-09-25 4:52 ` mlock(1) Valdis.Kletnieks
2004-09-25 17:15 ` mlock(1) Andy Lutomirski
2004-09-25 2:33 ` mlock(1) Bernd Eckenfels
2004-09-25 1:27 ` mlock(1) Andrea Arcangeli
2004-09-28 22:03 ` mlock(1) Robert White
2004-09-28 22:15 ` mlock(1) Andrea Arcangeli
2004-09-28 23:26 ` mlock(1) Robert White
2004-09-29 1:16 ` mlock(1) Jon Masters
2004-09-29 1:23 ` mlock(1) Alan Cox
2004-09-29 3:46 ` mlock(1) Robert White
2004-09-29 12:34 ` mlock(1) Jon Masters
2004-09-29 15:57 ` mlock(1) Lee Revell
2004-09-29 22:56 ` mlock(1) Paul Jackson
2004-09-25 12:21 ` Nigel Cunningham [this message]
2004-09-25 14:53 ` mlock(1) Andrea Arcangeli
2004-09-28 8:48 ` mlock(1) Pavel Machek
2004-09-30 17:42 ` mlock(1) Andrea Arcangeli
2004-09-30 18:54 ` mlock(1) Pavel Machek
2004-09-30 19:17 ` mlock(1) Andrea Arcangeli
2004-09-30 19:52 ` mlock(1) Pavel Machek
2004-10-04 12:21 ` mlock(1) Jack Lloyd
2004-09-24 23:59 ` mlock(1) Bernd Eckenfels
2004-09-25 0:25 ` mlock(1) Nigel Cunningham
2004-09-25 1:18 ` mlock(1) Andrea Arcangeli
2004-09-27 6:16 ` mlock(1) Stefan Seyfried
2004-09-27 10:32 ` mlock(1) Nigel Cunningham
2004-09-27 14:29 ` mlock(1) Andrea Arcangeli
2004-09-27 20:32 ` mlock(1) Wolfgang Walter
2004-09-27 14:16 ` mlock(1) Andrea Arcangeli
2004-09-27 13:31 ` mlock(1) Alan Cox
2004-09-29 1:48 ` mlock(1) Andrea Arcangeli
2004-09-27 14:34 ` mlock(1) Stefan Seyfried
2004-09-27 15:07 ` mlock(1) Andrea Arcangeli
2004-09-27 15:25 ` mlock(1) Stefan Seyfried
2004-09-27 15:38 ` mlock(1) Andrea Arcangeli
2004-09-30 13:04 ` mlock(1) Pavel Machek
2004-09-27 22:22 ` mlock(1) Nigel Cunningham
2004-09-27 22:43 ` mlock(1) Andrea Arcangeli
2004-09-28 22:03 ` mlock(1) Nigel Cunningham
2004-09-24 20:24 ` mlock(1) Chris Friesen
2004-09-24 21:17 ` mlock(1) Andrew Morton
2004-09-25 0:26 ` mlock(1) Chris Wright
2004-09-25 1:28 ` mlock(1) Andrew Morton
2004-09-25 1:33 ` mlock(1) Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1096114881.5937.18.camel@desktop.cunninghams \
--to=ncunningham@linuxmail.org \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=andrea@novell.com \
--cc=chrisw@osdl.org \
--cc=jgarzik@pobox.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox