Feasibility/Practicality of using GBDE to facilitate encrypted swap, md, /tmp, filesystems

Poul-Henning Kamp phk at phk.freebsd.dk
Sun Jul 27 13:32:52 PDT 2003


In message <0D8BEE11-BFF7-11D7-B8B6-000393A6EB58 at stanford.edu>, John Stockdale 
writes:
>Hopefully PHK has a chance to look this one over, but if anyone else 
>has any thoughts I'll take any opinions I can get. ;)

I have a number of operations I plan to add to the gbde tool, but
some of them have me a bit worried about their foot-shooting potential
so I'm still thinking about them, and rather than go over the program
twice, I'm holding on to the easy ones until I'm ready to do them
all.

The one operation which is a no-brainer so to speak is the "one
time attach" where the gbde device is init'ed and attached but the
master key and lock sector are never written to the device.  This
is the mode you want to use for paging devices.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

