> Date: Sun, 10 May 2020 23:53:00 +0100
> From: Alexander Nasonov <al...@yandex.ru>
>
> Taylor R Campbell wrote:
> > Log Message:
> > Implement swap encryption.
> >
> > Enabled by sysctl -w vm.swap_encrypt=1.
>
> If secmodel_securelevel(9) is still a thing, locking down this sysctl
> at high securelevel may improve our security. Prior to this change,
> swap devices were readable (even if encrypted with cgd). With this
> sysctl set to 1, all new swap devices will be encrypted, the only
> thing to worry about is if it's set back to 0 on a compromised host.

This sounds entirely reasonable. Would you like to draft an implementation of that? Presumably it would require writing a sysctl callback function for vm.swap_encrypt, and would somehow involve kauth, but I'm not sure offhand what needs to happen beyond that. Perhaps vm.user_va0_disable can be a source of inspiration.