Re: The disappearing sys_call_table export.

From: Bryan Andersen (bryan@bogonomicon.net)
Date: Mon May 12 2003 - 18:58:21 EST


You want it secure, never write it to disk. If that is not an option,
then all that is written to a disk must be encrypted. Anything less is
a placebo. Anyways as Alan mentioned:

> 4. Even then data erasure is not guaranteed because of the drive logic

From the write speed differences I've seen on my own system between
writing zero filled buffers and random data filled buffers it looks like
a good number of drives do zero filled block write optimizations. From
the effective write rates on a couple of my drives it looks like they are
just marking the blocks as zero in a master table rather than really
writing zeros out to them.

- Bryan

Yoav Weiss wrote:
> Until linux gets a real encrypted swap (the kind OpenBSD implements), you
> can settle for encrypting your whole swap with one random key that gets
> lost on reboot. Encrypted loop dev with a key from /dev/random easily
> gives you that.
>
> Download the latest loop-AES from http://loop-aes.sourceforge.net/ and
> follow the "Encrypting swap on 2.4 kernels" section in README.
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

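The zero-filled versus random-filled write comparison described in the message above can be repeated with a short script. This is an added example, not part of the original message or thread; the 64 MB size, the three rounds and the use of a temporary file on the filesystem under test (rather than a raw device) are assumptions.

```python
import os
import tempfile
import time


def write_rate(path, data, block_size=1 << 20):
    """Write data to path in block_size chunks, fsync, and return MB/s."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        view = memoryview(data)
        start = time.perf_counter()
        for off in range(0, len(view), block_size):
            chunk = view[off:off + block_size]
            while chunk:  # os.write may accept fewer bytes than offered
                chunk = chunk[os.write(fd, chunk):]
        os.fsync(fd)  # ask the kernel to flush before stopping the clock
        elapsed = time.perf_counter() - start
    finally:
        os.close(fd)
    return len(data) / elapsed / 1e6


def compare(directory, total_bytes=64 << 20, rounds=3):
    """Best-of-rounds write rate for zero and random buffers, plus ratio."""
    # Both buffers are built before timing so that random number
    # generation does not count against the random-data run.
    patterns = {"zero": bytes(total_bytes), "random": os.urandom(total_bytes)}
    best = {name: 0.0 for name in patterns}
    for _ in range(rounds):
        for name, data in patterns.items():
            fd, path = tempfile.mkstemp(dir=directory)
            os.close(fd)
            try:
                best[name] = max(best[name], write_rate(path, data))
            finally:
                os.unlink(path)
    # A ratio well above 1 means zero-filled writes finished faster than
    # random ones somewhere in the stack (drive, filesystem or volume layer).
    best["ratio"] = best["zero"] / best["random"]
    return best


if __name__ == "__main__":
    # Assumption: the current directory is on the drive being examined.
    print(compare("."))
```

A ratio near 1 only fails to show a shortcut; it does not prove that zeros reached the medium, which is why the message treats overwriting as no substitute for encryption.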



This archive was generated by hypermail 2b29 : Thu May 15 2003 - 22:00:42 EST