Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)
t1...@protonmail.ch (Tinker), 2018.02.22 (Thu) 06:04 (CET):
> (Marcus, you meant only this 2015-05 thread right?
> https://marc.info/?t=14318149831 )

Yes, I messed the links up! Thanks for the correction.

> I think I like to keep dumps enabled also on a production machine. Even
> if it's incredibly rare, it is possible for a production machine to
> crash, and the dump could be instructive.
>
> (For a production machine with dumps disabled, indeed the default swap
> crypto is sufficient, and indeed using swap in softraid is
> cryptographically redundant.)
>
> I realize the thread subject is not optimal ("SWAP should always be
> inside crypto softRAID, right? (For OS crash dump data to be
> encrypted.)".
>
> Here is the updated subject and query:
>
> "If I want to have crash dumps enabled, while enjoying the crypto
> softraid's physical data theft protection for all data, THEN my SWAP
> partition(s) should be inside the softraid, right?".

From the thread you cited above...

https://marc.info/?l=openbsd-misc=143185991125110=2

stsp@:
  Keeping swap on the same disk as the root filesystem has some
  advantages. For historical reasons the system expects this in various
  places. More things (such as hibernate) will work out of the box this
  way.

So if you have Full Disk Encryption (FDE) then your swap device should be
inside the encrypted disk, yes.

And, keep swap encryption *on*, although it's on a softraid(4) encrypted
device, according to tedu@:

https://marc.info/?l=openbsd-misc=143206067713324=2

  [...] to the contrary, uvm swap encrypt does a better job of expiring
  keys and making old data unrecoverable.

Yet another point: consider abandoning suspend/hibernation with FDE!

Marcus

> On February 9, 2018 6:07 PM, Marcus MERIGHI wrote:
> ..
> > there's a 2016-11 thread that's related:
> > "swap on encrypted softraid, performance penalty"
> >
> > stsp@
> > https://marc.info/?l=openbsd-misc=143184355522545
> > tedu@
> > https://marc.info/?l=openbsd-misc=143206067713324
>
> On February 9, 2018 6:55 AM, Tom Smyth wrote:
> > Thanks Kevin, I missed the dump part... agree with disable dump on prod
> > ..enable on dev
>
> On February 9, 2018 6:49 AM, Kevin Chadwick wrote:
> > On Thu, 8 Feb 2018 19:39:39 +
> > > Afaik swap is encrypted anyway on OpenBSD
> > >
> > It is with a random key which is actually more secure than the softraid
> > key.
> >
> > However to the OP's question relating to dumps.
> >
> > I believe the answer is that dumps are helpful and OpenBSD is a
> > developer system primarily but you should disable them with sysctl for
> > production or if you have concerns.
>
> On February 9, 2018 3:39 AM, Tom Smyth wrote:
> > Afaik swap is encrypted anyway on OpenBSD
>
> On February 9, 2018 3:30 AM, trondd wrote:
> ..
> > Assuming you are doing full disk encryption otherwise, put swap inside the
> > softraid disk. The kernel is hardcoded to look on the boot disk to save
> > dumps. If swap is on sd0 but you decrypt a partition as sd1 and boot
> > from that, swap is no longer on the same disk.
> >
> > Unless you override with config(8)
> >
> > Tim.
Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)
Hi,

Thanks for your comments.

(Marcus, you meant only this 2015-05 thread right?
https://marc.info/?t=14318149831 )

I think I like to keep dumps enabled also on a production machine. Even
if it's incredibly rare, it is possible for a production machine to
crash, and the dump could be instructive.

(For a production machine with dumps disabled, indeed the default swap
crypto is sufficient, and indeed using swap in softraid is
cryptographically redundant.)

I realize the thread subject is not optimal ("SWAP should always be
inside crypto softRAID, right? (For OS crash dump data to be
encrypted.)".

Here is the updated subject and query:

"If I want to have crash dumps enabled, while enjoying the crypto
softraid's physical data theft protection for all data, THEN my SWAP
partition(s) should be inside the softraid, right?".

Thoughts, criticism?

Thanks,
Tinker

On February 9, 2018 6:07 PM, Marcus MERIGHI wrote:
..
> there's a 2016-11 thread that's related:
> "swap on encrypted softraid, performance penalty"
>
> stsp@
> https://marc.info/?l=openbsd-misc=143184355522545
> tedu@
> https://marc.info/?l=openbsd-misc=143206067713324

On February 9, 2018 6:55 AM, Tom Smyth wrote:
> Thanks Kevin, I missed the dump part... agree with disable dump on prod
> ..enable on dev

On February 9, 2018 6:49 AM, Kevin Chadwick wrote:
> On Thu, 8 Feb 2018 19:39:39 +
> > Afaik swap is encrypted anyway on OpenBSD
> >
> It is with a random key which is actually more secure than the softraid
> key.
>
> However to the OP's question relating to dumps.
>
> I believe the answer is that dumps are helpful and OpenBSD is a
> developer system primarily but you should disable them with sysctl for
> production or if you have concerns.

On February 9, 2018 3:39 AM, Tom Smyth wrote:
> Afaik swap is encrypted anyway on OpenBSD

On February 9, 2018 3:30 AM, trondd wrote:
..
> Assuming you are doing full disk encryption otherwise, put swap inside the
> softraid disk. The kernel is hardcoded to look on the boot disk to save
> dumps. If swap is on sd0 but you decrypt a partition as sd1 and boot
> from that, swap is no longer on the same disk.
>
> Unless you override with config(8)
>
> Tim.
Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)
Hello Tinker,

there's a 2016-11 thread that's related:
"swap on encrypted softraid, performance penalty"

stsp@
https://marc.info/?l=openbsd-misc=143184355522545
tedu@
https://marc.info/?l=openbsd-misc=143206067713324

Marcus

t1...@protonmail.ch (Tinker), 2018.02.08 (Thu) 19:49 (CET):
> Hi misc@,
>
> I looked through previous discussions on whether a SWAP partition
> should be inside or outside the RAID partition when making a crypto
> softraid.
>
> The only argument I stumbled into was that it should be outside because
> swap is encrypted anyhow and it would be unnecessary to double-encrypt
> the swap.
>
> That seems like a weak argument to me, because swap is generally used
> rarely and so speed does not really matter anyhow, and, the swap
> partition is always used also as dump partition, and dumps are *not*
> encrypted.
>
> For the case that a dump would happen, you want the OS to encrypt it
> and the way to do that is to put the SWAP *inside* the RAID.
>
> Maybe a crash-dump can be induced somehow. Maybe someone would get hold
> of the HDD while the dump data is still on the swap partition because
> the OS has not booted again, which would otherwise normally migrate
> that dump data over to the filesystem.
>
> This is an extreme consideration, though as a comprehensive motivation
> for a choice it appears to me to make all sense.
>
> Thoughts, comments?
>
> I would probably interpret no comments as that the SWAP should indeed
> be located inside the RAID for this said reason.
>
> Thanks,
> Tinker
Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)
Thanks Kevin, I missed the dump part... agree with disable dump on prod
..enable on dev

On 8 Feb 2018 22:51, "Kevin Chadwick" wrote:
> On Thu, 8 Feb 2018 19:39:39 +
>
> > Afaik swap is encrypted anyway on OpenBSD
>
> It is with a random key which is actually more secure than the softraid
> key.
>
> However to the OP's question relating to dumps.
>
> I believe the answer is that dumps are helpful and OpenBSD is a
> developer system primarily but you should disable them with sysctl for
> production or if you have concerns.
Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)
On Thu, 8 Feb 2018 19:39:39 +
> Afaik swap is encrypted anyway on OpenBSD

It is with a random key which is actually more secure than the softraid
key.

However to the OP's question relating to dumps.

I believe the answer is that dumps are helpful and OpenBSD is a
developer system primarily but you should disable them with sysctl for
production or if you have concerns.
Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)
Afaik swap is encrypted anyway on OpenBSD

On 8 Feb 2018 6:52 PM, "Tinker" wrote:
> Hi misc@,
>
> I looked through previous discussions on whether a SWAP partition
> should be inside or outside the RAID partition when making a crypto
> softraid.
>
> The only argument I stumbled into was that it should be outside because
> swap is encrypted anyhow and it would be unnecessary to double-encrypt
> the swap.
>
> That seems like a weak argument to me, because swap is generally used
> rarely and so speed does not really matter anyhow, and, the swap
> partition is always used also as dump partition, and dumps are *not*
> encrypted.
>
> For the case that a dump would happen, you want the OS to encrypt it
> and the way to do that is to put the SWAP *inside* the RAID.
>
> Maybe a crash-dump can be induced somehow. Maybe someone would get hold
> of the HDD while the dump data is still on the swap partition because
> the OS has not booted again, which would otherwise normally migrate
> that dump data over to the filesystem.
>
> This is an extreme consideration, though as a comprehensive motivation
> for a choice it appears to me to make all sense.
>
> Thoughts, comments?
>
> I would probably interpret no comments as that the SWAP should indeed
> be located inside the RAID for this said reason.
>
> Thanks,
> Tinker
Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)
On Thu, February 8, 2018 1:49 pm, Tinker wrote:
> Hi misc@,
>
> I looked through previous discussions on whether a SWAP partition
> should be inside or outside the RAID partition when making a crypto
> softraid.
>
> The only argument I stumbled into was that it should be outside because
> swap is encrypted anyhow and it would be unnecessary to double-encrypt
> the swap.
>
> That seems like a weak argument to me, because swap is generally used
> rarely and so speed does not really matter anyhow, and, the swap
> partition is always used also as dump partition, and dumps are *not*
> encrypted.
>
> For the case that a dump would happen, you want the OS to encrypt it
> and the way to do that is to put the SWAP *inside* the RAID.
>
> Maybe a crash-dump can be induced somehow. Maybe someone would get hold
> of the HDD while the dump data is still on the swap partition because
> the OS has not booted again, which would otherwise normally migrate
> that dump data over to the filesystem.
>
> This is an extreme consideration, though as a comprehensive motivation
> for a choice it appears to me to make all sense.
>
> Thoughts, comments?
>
> I would probably interpret no comments as that the SWAP should indeed
> be located inside the RAID for this said reason.
>
> Thanks,
> Tinker

Assuming you are doing full disk encryption otherwise, put swap inside the
softraid disk. The kernel is hardcoded to look on the boot disk to save
dumps. If swap is on sd0 but you decrypt a partition as sd1 and boot
from that, swap is no longer on the same disk.

Unless you override with config(8)

Tim.
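The two practical checks raised in this thread (Tim's point that the kernel saves dumps to the boot disk, so swap left on a different disk than the decrypted root volume is missed, and Kevin's and tedu@'s point that uvm swap encryption should stay on) can be turned into a small audit script. The script below is an added example written for this page; it is not code from any poster or from OpenBSD itself. It assumes the `swapctl -l` and `mount` output layouts shown in the constructed sample, and it reads the real OpenBSD sysctl `vm.swapencrypt.enable`. The parsing functions take command output as a string so they can be exercised on the constructed sample on any system; the live audit only runs on an OpenBSD host.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether an OpenBSD host's swap
# devices live on the same disk as the root filesystem (where the kernel
# writes crash dumps) and whether uvm swap encryption is enabled.
# Functions take command output as a string so they can be tested offline.

# disk_of /dev/sd1b -> sd1 : strip /dev/ and the OpenBSD partition letter (a-p)
disk_of() {
    printf '%s\n' "$1" | sed -e 's|^/dev/||' -e 's/[a-p]$//'
}

# swap_devices "<swapctl -l output>" -> swap device paths, one per line
swap_devices() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 ~ /^\/dev\// { print $1 }'
}

# root_device "<mount output>" -> the device mounted on /
root_device() {
    printf '%s\n' "$1" | awk '$2 == "on" && $3 == "/" { print $1; exit }'
}

# swap_on_root_disk "<swapctl -l output>" "<mount output>"
# returns 0 when every swap device is on the root disk, 1 otherwise
swap_on_root_disk() {
    root_disk=$(disk_of "$(root_device "$2")")
    rc=0
    for dev in $(swap_devices "$1"); do
        if [ "$(disk_of "$dev")" != "$root_disk" ]; then
            echo "WARN: swap $dev is not on root disk $root_disk; a crash dump would not land there" >&2
            rc=1
        fi
    done
    return $rc
}

# swapencrypt_enabled "<sysctl vm.swapencrypt.enable output>" -> 0 when it is =1
swapencrypt_enabled() {
    case "$1" in
        vm.swapencrypt.enable=1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: root lives on the decrypted softraid volume sd1,
# but swap was left on the raw disk sd0 (the layout Tim warns about).
SAMPLE_SWAPCTL='Device      512-blocks     Used    Avail Capacity  Priority
/dev/sd0b      8388608        0  8388608     0%    0'
SAMPLE_MOUNT='/dev/sd1a on / type ffs (local)
/dev/sd1d on /usr type ffs (local, nodev)'

if swap_on_root_disk "$SAMPLE_SWAPCTL" "$SAMPLE_MOUNT"; then
    echo "sample: swap is on the root disk"
else
    echo "sample: swap is NOT on the root disk"
fi

# On a real OpenBSD host, audit the live configuration.
if [ "$(uname -s)" = OpenBSD ]; then
    swap_on_root_disk "$(swapctl -l)" "$(mount)" && echo "swap is on the root disk"
    swapencrypt_enabled "$(sysctl vm.swapencrypt.enable)" || echo "WARN: swap encryption is off" >&2
fi
```

The sample layout makes the script print a warning because `sd0b` is not on `sd1`, the disk that holds the root filesystem; moving swap to a partition of the softraid volume (or overriding the dump device with config(8), as Tim notes) clears it. The encryption check mirrors the thread's advice to leave `vm.swapencrypt.enable` at its default of 1 even when swap sits inside the encrypted volume.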