Date:      Thu, 30 Dec 1999 11:18:49 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Warner Losh <imp@village.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Niels Provos: CVS: cvs.openbsd.org: src
Message-ID:  <199912301918.LAA76495@apollo.backplane.com>
References:   <199912301852.LAA11820@harmony.village.org>

:This just went into OpenBSD and looks way cool. :-)  Anybody with lots
:of spare time wanna port it :-)
:
:Warner

    Hmm.  Looks VERY interesting, though I shudder at the overhead.  It
    would not be too hard to do w/ FreeBSD but in order to avoid low-memory
    deadlocks we would have to encrypt the page in-place and then free it
    after the pageout (or de-encrypt it in place after the pageout to retain
    the page).  The tie-ins are trivial.  We could add a flags field to the
    swblock structure and then simply tie-in to swstrategy().

    I would like to see a general cryptographic VFS layer - instead of
    having a specific cryptfs we instead should have a VFS layer that
    we can stack on any filesystem and enable with a mount option, kinda
    like how union mounts work now except easier since we need only 
    overlay the VOP_READ/WRITE/GETPAGES/PUTPAGES functions.  Imagine:

	mount -o crypt=KEY /dev/sd0d /mnt

					-Matt
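
A userspace C model of the in-place encrypt, pageout, decrypt-in-place sequence and the per-block flag described in the message above. It is an added illustration, not code from the post, FreeBSD or OpenBSD. `struct swblock_model`, `SWB_CRYPT`, `pageout()`, `pagein()`, `model_check()` and the xorshift keystream are assumptions, and the keystream is a placeholder rather than a secure cipher.

```c
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096
#define SWB_CRYPT 0x01   /* hypothetical bit in the proposed swblock flags field */

/* Model only, not FreeBSD's struct swblock; disk stands in for the swap block. */
struct swblock_model { uint32_t flags; uint8_t disk[PAGE_SIZE]; };

/* Placeholder xorshift64 keystream, NOT a secure cipher; a real port would call a vetted one. */
static void xor_keystream(uint8_t *page, uint64_t key, uint64_t blkno)
{
    uint64_t s = (key ^ (blkno * 0x9E3779B97F4A7C15ULL)) | 1;  /* state must be nonzero */
    for (size_t i = 0; i < PAGE_SIZE; i++) {
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        page[i] ^= (uint8_t)s;
    }
}

/* Pageout transforms the page where it sits, so no second page is allocated while
 * memory is short. With retain set, the transform is undone after the write. */
static void pageout(struct swblock_model *sb, uint8_t *page, uint64_t key, uint64_t blkno, int retain)
{
    xor_keystream(page, key, blkno);      /* encrypt in place */
    memcpy(sb->disk, page, PAGE_SIZE);    /* the "write" to swap */
    sb->flags |= SWB_CRYPT;
    if (retain)
        xor_keystream(page, key, blkno);  /* decrypt in place, keep the page */
}

/* Pagein decrypts in place only when the block was written encrypted. */
static void pagein(const struct swblock_model *sb, uint8_t *page, uint64_t key, uint64_t blkno)
{
    memcpy(page, sb->disk, PAGE_SIZE);
    if (sb->flags & SWB_CRYPT)
        xor_keystream(page, key, blkno);
}

/* Self-check on a constructed page; returns 1 when every property below holds. */
static int model_check(int retain)
{
    static struct swblock_model sb;
    static uint8_t page[PAGE_SIZE], orig[PAGE_SIZE], in[PAGE_SIZE];
    sb.flags = 0;
    for (size_t i = 0; i < PAGE_SIZE; i++) page[i] = orig[i] = (uint8_t)(i * 7);
    pageout(&sb, page, 0x1234abcdULL, 42, retain);
    pagein(&sb, in, 0x1234abcdULL, 42);
    return memcmp(sb.disk, orig, PAGE_SIZE) != 0             /* swap holds no plaintext */
        && memcmp(in, orig, PAGE_SIZE) == 0                  /* pagein restores the page */
        && (memcmp(page, orig, PAGE_SIZE) == 0) == (retain != 0); /* plaintext only if retained */
}
```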


