I just added a vm.swap_encrypt sysctl knob to enable or disable encrypting data when written out to swap space. This works roughly like swapping to a random-keyed cgd, but there are several advantages of vm.swap_encrypt=1 over swapping to a random-keyed cgd:
1. You can dynamically enable or disable vm.swap_encrypt with no other configuration. The setting will take effect for all pages newly written out to swap. You can force pages to be encrypted, or rekeyed, or decrypted, by removing all swap devices and re-adding them with swapctl(8) -- with the caveat that any page already written to disk might not need to be swapped out again, so whatever is already on disk may not be overwritten, and all the usual caveats about the efficacy of trying to overwrite physical media apply.

2. The swap encryption key is generated lazily. Currently /etc/rc.d/cgd runs _before_ /etc/rc.d/random_seed, so the cgd (u)randomkey methods can't take advantage of the random seed stored on disk. However, if you set vm.swap_encrypt=1, it won't try to generate a key until the first page has to be written out to swap -- generally long after all the rc scripts have completed.

3. You can still use the same device as a dump device if you want, and get crash dumps. Of course, the crash dumps are not encrypted; that's something else we should do -- but we'd need to use a persistent key for crash dumps so that you can decrypt them on next boot, whereas the swap encryption key is deliberately ephemeral.

The disadvantage, of course, is that vm.swap_encrypt is newly implemented, and more likely to have bugs than random-keyed cgd. I'd like to turn it on by default -- any performance impact happens only when you're swapping anyway, which means your performance is hosed already -- but before I do that, more testing would be appreciated!

To try it out, either run `sysctl -w vm.swap_encrypt=1' or put `vm.swap_encrypt=1' in /etc/sysctl.conf and reboot; then do something like try to scroll in Slack.
What I did to test is: mount a tmpfs with no memory limit, use `yes helloworld | head -c $((512*1024*1024)) > /tmp/foo' to fill it up with a verifiable pattern, verify that the pattern does not appear in the swap file, and verify that the file reads back the same generated data. (Easy swap encryption is not a new _idea_ -- we should have had this decades ago rather than advising people to futz around with cgd(4). But, better late than never!)
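The test procedure described above, written out as a script. This is an added example, not part of the original post: it assumes NetBSD, root, a dedicated swap partition that may be wiped (SWAPDEV is a placeholder you must set), and enough memory pressure that the tmpfs file is actually pushed out to swap.

```shell
#!/bin/sh
# Added example: scripted version of the swap-encryption check.
# Assumes NetBSD, root, and a throwaway swap partition in $SWAPDEV.
set -eu

PATTERN=helloworld
SIZE=$((512 * 1024 * 1024))
SWAPDEV=${SWAPDEV:-/dev/rXXXXb}        # placeholder: raw swap partition to test
TMPFS_MNT=${TMPFS_MNT:-/mnt/swaptest}  # hypothetical mount point for the tmpfs

# Count complete occurrences of a plaintext pattern in a file or raw device.
# grep -a treats the binary stream as text; -o prints one line per match.
count_pattern_hits() {
    grep -a -o "$1" "$2" 2>/dev/null | wc -l | tr -d ' '
}

# Regenerate the pattern with yes(1)/head(1) and byte-compare it against
# the file; exit status 0 means the file reads back exactly what was written.
verify_readback() {
    yes "$1" | head -c "$2" | cmp -s - "$3"
}

swap_test() {
    sysctl -w vm.swap_encrypt=1
    # Remove and re-add the swap device so a fresh ephemeral key covers
    # every page written from now on (see caveat 1 in the post).
    swapctl -d "$SWAPDEV" 2>/dev/null || true
    swapctl -a "$SWAPDEV"
    mkdir -p "$TMPFS_MNT"
    mount_tmpfs tmpfs "$TMPFS_MNT"       # no size limit by default
    yes "$PATTERN" | head -c "$SIZE" > "$TMPFS_MNT/foo"
    sync
    # Check 1: the plaintext pattern must not appear on the swap device.
    hits=$(count_pattern_hits "$PATTERN" "$SWAPDEV")
    echo "plaintext pattern occurrences on $SWAPDEV: $hits"
    [ "$hits" -eq 0 ] || { echo "FAIL: plaintext found in swap"; return 1; }
    # Check 2: the file must still read back intact after swap-in.
    if verify_readback "$PATTERN" "$SIZE" "$TMPFS_MNT/foo"; then
        echo "PASS: file reads back identical"
    else
        echo "FAIL: file contents changed"; return 1
    fi
}

# Only run the destructive part when explicitly requested.
if [ "${RUN_SWAP_TEST:-0}" = 1 ]; then swap_test; fi
```

Run with `RUN_SWAP_TEST=1 SWAPDEV=/dev/r<disk>b sh swaptest.sh` as root; a non-zero hit count means pages reached the disk unencrypted.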
