From owner-svn-doc-projects@FreeBSD.ORG Fri May 17 20:08:12 2013 Return-Path: Delivered-To: svn-doc-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 14E53EDA; Fri, 17 May 2013 20:08:12 +0000 (UTC) (envelope-from trhodes@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id E19F0325; Fri, 17 May 2013 20:08:11 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r4HK8BAe001540; Fri, 17 May 2013 20:08:11 GMT (envelope-from trhodes@svn.freebsd.org) Received: (from trhodes@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r4HK8BDu001539; Fri, 17 May 2013 20:08:11 GMT (envelope-from trhodes@svn.freebsd.org) Message-Id: <201305172008.r4HK8BDu001539@svn.freebsd.org> From: Tom Rhodes Date: Fri, 17 May 2013 20:08:11 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-projects@freebsd.org Subject: svn commit: r41650 - projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks X-SVN-Group: doc-projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-projects@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for doc projects trees List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 May 2013 20:08:12 -0000 Author: trhodes Date: Fri May 17 20:08:11 2013 New Revision: 41650 URL: http://svnweb.freebsd.org/changeset/doc/41650 Log: Axe the "why encrypt swap" mini-section and migrate the useful stuff into the section introduction. Re-word some sentences and a section name. Reviewed by: bcr (quick look) Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks/chapter.xml Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks/chapter.xml ============================================================================== --- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks/chapter.xml Fri May 17 19:56:43 2013 (r41649) +++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks/chapter.xml Fri May 17 20:08:11 2013 (r41650) @@ -3830,27 +3830,22 @@ geli_da2_flags="-p -k /root/da2.key"encrypting - Swap encryption in &os; is easy to configure. Depending on - which version of &os; is being used, different options are - available and configuration can vary slightly. The &man.gbde.8; - or &man.geli.8; encryption systems can be used for swap - encryption. Both systems use the encswap + Like the encryption of disk partitions, encryption of swap + space is used to protect sensitive information. Consider an + application that deals with passwords. As long as these + passwords stay in physical memory, these passwords will not + be written to disk and be cleared after a reboot. If &os; + starts swapping out memory pages to free + space for other applications, the passwords may be written to + the disk platters unencrypted. Encrypting swap space can be a + solution for this scenario. + + The &man.gbde.8; or &man.geli.8; encryption systems may be + used for swap encryption. Both systems use the + encswap rc.d script. - Why Should Swap be Encrypted? - - Like the encryption of disk partitions, encryption of swap - space is used to protect sensitive information. Consider an - application that deals with passwords. As long as these - passwords stay in physical memory, all is well. However, if - the operating system starts swapping out memory pages to free - space for other applications, the passwords may be written to - the disk platters unencrypted. Encrypting swap space can be a - solution for this scenario. - - - Preparation @@ -3907,7 +3902,7 @@ geli_da2_flags="-p -k /root/da2.key" - Verifying That it Works + Encrypted Swap Verification Once the system has rebooted, proper operation of the encrypted swap can be verified using