On Fri, Feb 03, 2017 at 10:10:19PM +0800, Tinker wrote:
> > > Also, if I would have put the swap on "sd1", then its contents would
> > > be
> > > encrypted doubly. Isn't that a bit wasteful.
> >
> > Not at all. Swap encryption and disk encryption serve different
> > purposes.
> > Swap crypto keys are discarded when the system resets to make residual
> > data in swap unrecoverable.
>
> I knew that swap crypto is enabled by default.
>
> I thought that, if you put your swap disk on a crypto softraid, then, you
> get a *sandwiched* double crypto - both the swap crypto *and* the softraid
> crypto, so double work?
>
> Isn't that the case, so that it would be wasteful to have the swap on the
> crypto softraid for that reason?
Just comments based on my understanding of swap and crypto softraid
interaction (so I could be wrong).
Considering the swap on crypto softraid for swap usage, yes it means
double encryption, and so it is a bit inefficient.
Considering the swap to hold bsd.core information, having a layer of
encryption is necessary from my point of view (so using the swap on crypto
softraid).
My understanding is if savecore(8) is able to extract bsd.core
information from swap partition, it means the bsd.core information is
*not* encrypted by crypto-swap (else, as keys are discarded on reboot,
savecore(8) wouldn't have any way to decrypt the swap without keys). So
as bsd.core is readable by savecore(8), it means it is also readable by
an attacker (by direct read of the swap partition - unplug the disk and
voila).
Now, if the swap partition is on crypto-softraid, before accessing the
swap layer, an attacker needs the key of crypto-softraid. So bsd.core
information is protected from the above attack.
On my laptop (with full disk encryption), I use two swap partitions:
- one on sd0b (for "normal" swap purpose)
- one on sd1b (for holding bsd.core information in case of panic)
And I adjust the priority of sd1b to make sd0b used first (in rc.local):
swapctl -c -p 1 /dev/sd1b
On panic, it is always sd1b which is used (as my root disk is sd1a) for
holding bsd.core information.
Comments are welcome.
--
Sebastien Marie
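An added check script, not part of Sebastien's mail or of OpenBSD itself, that parses a constructed swapctl -l listing and verifies the two-swap layout described in the thread: the "normal" swap keeps the default priority 0 so it is used first, and the dump swap on the crypto softraid carries a higher priority number. The device names, the listing text and its column layout are assumptions for the example; on a real machine the listing would come from swapctl -l.

```sh
#!/bin/sh
# Added example (not from the original mail). Assumed layout, matching the
# thread: /dev/sd0b is the normal swap, /dev/sd1b (on the crypto softraid,
# b partition of the root disk sd1a) holds bsd.core after a panic.
# SAMPLE_LISTING is constructed sample input in the assumed swapctl -l
# column layout; on a real system use: LISTING="$(swapctl -l)".
SAMPLE_LISTING='Device      512-blocks     Used    Avail Capacity  Priority
/dev/sd0b      8388608     1024  8387584     0%    0
/dev/sd1b      4194304        0  4194304     0%    1'

# swap_priority DEVICE LISTING
# Prints the priority column for DEVICE; prints nothing when the device
# is not configured as swap at all (the header line never matches).
swap_priority() {
    printf '%s\n' "$2" | awk -v dev="$1" '$1 == dev { print $NF }'
}

# check_swap_order NORMAL DUMP LISTING
# Succeeds when NORMAL has a lower priority number than DUMP, i.e. the
# kernel fills the normal swap first and only then spills onto the dump
# partition, as intended with "swapctl -c -p 1 /dev/sd1b" in rc.local.
# Returns 2 when either device is missing from the listing.
check_swap_order() {
    normal=$(swap_priority "$1" "$3")
    dump=$(swap_priority "$2" "$3")
    [ -n "$normal" ] && [ -n "$dump" ] || return 2
    [ "$normal" -lt "$dump" ]
}

# dump_partition_for_root ROOTDEV
# Per the mail, a panic dumps to the b partition of the root disk:
# sd1a -> sd1b. Use this to confirm the dump target is the one you
# placed on the crypto softraid.
dump_partition_for_root() {
    printf '%s\n' "$1" | sed 's/.$/b/'
}

# Stand-alone run against the constructed listing.
if check_swap_order /dev/sd0b /dev/sd1b "$SAMPLE_LISTING"; then
    echo "ok: sd0b used first, sd1b (crypto softraid) kept for dumps"
else
    echo "WARNING: swap priorities do not match the intended layout"
fi
echo "panic dump target for root sd1a: $(dump_partition_for_root sd1a)"
```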