[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [dm-devel] dm-crypt userland key patch



> Bjorn Andersson wrote:
> > Patch to the dm-crypt module so that it hides the crypto-key from
> > userland. (dmsetup table)
> 
> Does it also overwrite the key in memory when unloading dm-crypt, make
> sure that the memory is pinned so the key doesn't leak to swap, unload
> the key before a 'hibernate', and that sort of stuff?
> 
> --
> dm-devel mailing list
> dm-devel redhat com
> https://www.redhat.com/mailman/listinfo/dm-devel

No, this does only report a key of zeros when the status is requested.

The unloading thing is no problem to fix, but how should the
'hibernate' thing work? When you resume after a 'hibernate' you probably
expect that the device is there, especially if it's on the root
partition. But I clearly see your point.

// Bjorn


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]