Many of you seem to think that having hardware access forfeits any
expected security, however this is not the case. Data in hardware RAM is
not accessible to anyone but the user and root at the time the application
is running. If the system is physically compromised, there is little way
I can think of to take root without having to at least reboot the
computer, thus destroying the unencrypted contents of RAM.
Personally, I don't run out of actual RAM often, thus keeping my swap-file
on an encrypted loopback is satisfactory. I would imagine that this
incurs a significant overhead which may be unacceptable for swap-heavy
systems. If Linux supported encrypted swap directly, it would reduce this
overhead by eliminating the fs layer from memory access. I think this
would be a good thing, and should probably be suggested to the
international kernel group, since they're probably the most interested.
-Ryan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/