Date: Mon, 15 Jul 2013 16:10:24 +0200 From: Konrad Witaszczyk <def@freebsd.org> To: soc-status@freebsd.org Subject: Report #4: Unattended encrypted kernel crash dumps Message-ID: <51E402D0.8080906@freebsd.org>
next in thread | raw e-mail | index | archive | help
Things that I've finished recently: * Import XTS implementation from pefs - create crypto/xts.h. * Change the kerneldumpheader structure to store data required to decrypt data. * Change the dumperinfo structure to encrypt data in the dump_write function. * Add a kernel option to compile kernel with encrypted crash dumps on demand. * Display encryption details in savecore. * Encrypt a crash dump with a constant AES key and make it suitable for savecore. I modified dump_write to save data in a dumperinfo buffer so when the buffer is full I can encrypt data and call a dumper function to write them to a dump device. The buffer should have the same size as a block. There is one limitation at the moment: dump_write should receive data in a natural order, one after another. Otherwise it will save data in a wrong order. The plan for the next week is to do at least the following things: * Change savecore to save a key and a tweak in a separate file. * Create a script to decrypt a crash dump. Regards, Konrad Witaszczyk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51E402D0.8080906>