On Dec 19, 2006, at 08:59, Darren J Moffat wrote:
Darren Reed wrote:
If/when ZFS supports this then it would be nice to also be able
to have Solaris bleach swap on ZFS when it shuts down or reboots.
Although it may be that this option needs to be put into how we
manage swap space and not specifically something for ZFS.
Doing this to swap space has been a kernel option on another very
widely spread operating system for at least 2 major OS releases...
Which ones? I know that MacOS X and OpenBSD both support
"encrypted" swap which for swap IMO is a better way to solve this
problem.
You can get that today with OpenSolaris by using the stuff in the
loficc project. You will also get encrypted swap when we have ZFS
crypto and you swap on a ZVOL that is encrypted.
Note though that that isn't quite the same way as OpenBSD solves
the encrypted swap problem, and I'm not familiar with the technical
details of what Apple did in MacOS X.
there's an encryption option in the dynamic_pager to write out
encrypted paging files (/var/vm/swapfile*) .. it gets turned on with
an environment variable that gets set at boot (what happens when you
choose secure virtual memory.) Before this was implemented there was
a workaround using an encrypted dmg that held the swap files .. but
that was an incomplete solution.
Bleaching is a time consuming task, not something I'd want to do at
system boot/halt.
particularly if we choose to do a 35 pass Gutmann algorithm .. :)
---
.je
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss