geli'd swap and core dumps

Jeremy Chadwick freebsd at jdc.parodius.com
Tue Sep 7 10:33:30 UTC 2010


On Tue, Sep 07, 2010 at 03:10:52AM -0700, Carl wrote:
> On 2010-09-05 8:03 AM, Pawel Jakub Dawidek wrote:
> >>What are best practices for achieving encrypted swap and functional core
> >>dump recovery? Or are these mutually exclusive goals?
> >
> >Well, the idea of encrypting swap is to prevent any sensitive data from being
> >stored on disk unencrypted where it might last for a long time.
> >If you configure to dump kernel memory to a disk (kernel dumps are not
> >encrypted) you kinda miss the point, as kernel memory can contain a lot
> >of sensitive data.
> 
> It makes sense that best practice would be to disable the dump
> device, yet it appears dumpdev is set to AUTO as the default on
> current versions of FreeBSD. Does AUTO imply a behaviour that will
> intelligently recognize the lack of a functional dumpdev in the case
> of a geli'd swap or do I need to explicitly set dumpdev to NO to
> avoid errors on normal startups or even bad behaviour during a
> kernel panic?

dumpdev="auto" results in the system rc scripts examining /etc/fstab to
look for any swap slices you've defined there.

If there are none listed in /etc/fstab, then you should set the dump
device explicitly using dumpdev="/dev/xxx" syntax.  If there are some in
/etc/fstab which you don't want to use, apply the same advice.

-- 
| Jeremy Chadwick                                   jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
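
Added example (not part of the original message and not FreeBSD's own rc code): a shell audit that lists the swap entries in an fstab that the dumpdev="auto" lookup described above would find, and marks each as geli-backed or not by its .eli suffix. The sample fstab, device names and function names are constructed, and accepting AUTO/NO in either case is an assumption.

```shell
#!/bin/sh
# Constructed sample fstab (illustrative device names, not from the thread).
sample_fstab() {
cat <<'EOF'
# Device          Mountpoint  FStype  Options  Dump  Pass#
/dev/ada0s1a      /           ufs     rw       1     1
/dev/ada0s1b.eli  none        swap    sw       0     0
/dev/ada1s1b      none        swap    sw       0     0
EOF
}

# Print the device of every fstab entry whose type field is "swap".
# Blank lines and comment lines are skipped.
swap_devices() {
    while read -r dev mp type rest; do
        case $dev in ''|\#*) continue ;; esac
        if [ "$type" = "swap" ]; then printf '%s\n' "$dev"; fi
    done < "$1"
}

# geli providers carry the ".eli" suffix; anything else is reported as plain.
classify() {
    case $1 in *.eli) echo geli ;; *) echo plain ;; esac
}

# audit_dumpdev <dumpdev value> <fstab path>
# Reports which devices the given rc.conf dumpdev setting points at.
audit_dumpdev() {
    dumpdev=$1 fstab=$2
    case $dumpdev in
        [Nn][Oo]|'') echo "disabled"; return 0 ;;
        [Aa][Uu][Tt][Oo]) ;;   # fall through to the fstab lookup
        *) echo "explicit $dumpdev $(classify "$dumpdev")"; return 0 ;;
    esac
    devs=$(swap_devices "$fstab")
    if [ -z "$devs" ]; then
        echo "auto: no swap entry in fstab; set dumpdev explicitly"
        return 0
    fi
    for d in $devs; do
        echo "auto-candidate $d $(classify "$d")"
    done
}

# Run with --demo to audit the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    t=$(mktemp) && sample_fstab > "$t" && audit_dumpdev auto "$t"; rm -f "$t"
fi
```

On a real host, pass the dumpdev value from rc.conf and /etc/fstab as the two arguments; any "plain" line is a device where an unencrypted kernel dump could be written.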



More information about the freebsd-fs mailing list