Crash dumps and encrypted swap

cpghost cpghost at cordula.ws
Thu Mar 22 11:02:37 UTC 2007


How do you enable crash dumps when the swap partition is GBDE-
(or GELI-) encrypted? A setting of:

dumpdev="/dev/ad0s1b.bde"

in /etc/rc.conf seems silly, because /etc/rc.d/encswap initializes
the swap partition with a new random passphrase on every reboot,
so savecore(8) won't be able to read the previous crash dump.

Is it possible to set dumpdev to "/dev/ad0s1b" (even though swap
is /dev/ad0s1b.bde), and make sure that /etc/rc.d/savecore is
called *before* /etc/rc.d/encswap to fetch the (unencrypted)
crash dump?

Or is it better to manually encrypt swap with a known (not one-time)
passphrase -- therefore bypassing /etc/rc.d/encswap completely --,
so that crash dumps are saved on the encrypted swap, but can still
be read back on next reboot?

Oh, and btw, is it at all possible to crash dump on a .bde or .eli
special device? Is it reliable (crash dumping on a regular file is
not possible for reliability reasons)?

(Of course, it's always possible to set aside a special non-encrypted
partition just for crash dumps, but this means reinstalling everything
from scratch...)

Thanks,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/


More information about the freebsd-questions mailing list