encrypted root filesystem

Ryan.Oliver at pha.com.au Ryan.Oliver at pha.com.au
Tue Feb 24 16:16:00 PST 2004






Robert Connolly wrote:
> I think there are a number of ways to _try_ to defeat loopback
> encryption. If
> the swap space is dumped on a kernel panic then its not too hard to
> plug
> something into a running linux to make the kernel panic

If people are paranoid about swap I can think of some simple
solutions
1) configure kernel not to dump
   (though debugging would be *fun* ;-) )
2) scrub the partition (many methods) swap is on, then run mkswap on
   the partition during shutdown (never tried this with swap,
   but have done so on normal fs scratch partitions)
3) don't use swap, ram is cheap ;-)

[R]




More information about the hlfs-dev mailing list