geli'd swap and core dumps
Pawel Jakub Dawidek
pjd at FreeBSD.org
Sun Sep 5 15:04:06 UTC 2010
On Sun, Sep 05, 2010 at 12:56:10AM -0700, Carl wrote:
> I would like to encrypt my swap partition like Pawel does on his
> company's production servers:
> Does Pawel's method result in kernel panics having no functional dump
> What are best practices for achieving encrypted swap and functional core
> dump recovery? Or are these mutually exclusive goals?
Well, the idea to encrypt swap is to prevent any sensitive data from being
stored on disk unencrypted where it might last for a long time.

If you configure to dump kernel memory to a disk (kernel dumps are not
encrypted) you kinda miss the point, as kernel memory can contain a lot
of sensitive data.

It would be best in such cases to use textdump(4) as there is quite a
lot of useful info, but no sensitive data at all (or not much at least,
depends on what you consider sensitive).

Unfortunately rc.d scripts order doesn't allow geli-encrypted swap and
dumpdev to co-operate, i.e. geli is configured on swap device before
savecore(8) has a chance to read underlying device (to be more precise
not only read it, but also write to it, as it has to mark the data as
already obtained, so we don't save the same crash info on every reboot).

On the other hand we do want swap as soon as possible (even before
mounting / or /var read-write so we have more memory for fsck(8) for
example), so the solution is not as trivial as changing scripts order.

The better fix would be to obtain and save crash info in memory
somewhere before we configure swap and copy it to /var/crash/ once we
Pawel Jakub Dawidek http://www.wheelsystems.com
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
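
A check for the combination discussed in the message above, as an added example that is not part of the original post or of FreeBSD's rc.d scripts: it reads fstab and rc.conf text and reports whether a kernel dump device is configured alongside geli swap. The device names, sample files and finding labels are constructed, and treating an unset or AUTO dumpdev as "needs review" is an assumption, since the effective behaviour depends on the release.

```shell
#!/bin/sh
# Added example: audit fstab/rc.conf text for the swap/dump conflict above.
# Constructed sample input; device names are placeholders.
SAMPLE_FSTAB='# Device         Mountpoint  FStype  Options  Dump  Pass
/dev/ada0p2      /           ufs     rw       1     1
/dev/ada0p3.eli  none        swap    sw       0     0'
SAMPLE_RC_CONF='hostname="example"
dumpdev="/dev/ada0p3"'

# Swap devices in fstab text whose name ends in .eli (geli-attached).
eli_swap_devs() {
    printf '%s\n' "$1" |
        awk '$1 !~ /^#/ && $3 == "swap" && $1 ~ /\.eli$/ { print $1 }'
}

# Last dumpdev= assignment in rc.conf text, quotes stripped (empty if unset).
dumpdev_value() {
    printf '%s\n' "$1" | sed -n 's/^dumpdev=//p' | tail -n 1 | tr -d "\"'"
}

# Prints one finding for the fstab text ($1) and rc.conf text ($2).
# Finding labels are hypothetical names chosen for this example.
audit_swap_dump() {
    eli=$(eli_swap_devs "$1")
    [ -n "$eli" ] || { echo "no-encrypted-swap"; return 0; }
    dump=$(dumpdev_value "$2")
    case $dump in
        [Nn][Oo]) echo "dumps-disabled"; return 0 ;;
        # Assumption: unset/AUTO needs a manual look at the release defaults.
        ''|[Aa][Uu][Tt][Oo]) echo "review-default-or-auto"; return 0 ;;
    esac
    for dev in $eli; do
        # Stripping .eli gives the raw provider underneath the geli layer.
        if [ "${dev%.eli}" = "$dump" ]; then
            echo "dump-on-encrypted-swap-provider:$dump"; return 0
        fi
    done
    # Per the message, kernel dumps are written unencrypted wherever they go.
    echo "unencrypted-dump-elsewhere:$dump"
}

audit_swap_dump "$SAMPLE_FSTAB" "$SAMPLE_RC_CONF"
```

On a real host, pass the contents of /etc/fstab and /etc/rc.conf instead of the samples, for example `audit_swap_dump "$(cat /etc/fstab)" "$(cat /etc/rc.conf)"`.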