Date: Thu, 30 Dec 1999 11:18:49 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Warner Losh <imp@village.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Niels Provos: CVS: cvs.openbsd.org: src
Message-ID: <199912301918.LAA76495@apollo.backplane.com>
References: <199912301852.LAA11820@harmony.village.org>

:This just went into OpenBSD and looks way cool. :-) Anybody with lots
:of spare time wanna port it :-)
:
:Warner

Hmm. Looks VERY interesting, though I shudder at the overhead. It
would not be too hard to do w/ FreeBSD but in order to avoid low-memory
deadlocks we would have to encrypt the page in-place and then free it
after the pageout (or de-encrypt it in place after the pageout to retain
the page). The tie-ins are trivial. We could add a flags field to the
swblock structure and then simply tie-in to swstrategy().

I would like to see a general cryptographic VFS layer - instead of
having a specific cryptfs we instead should have a VFS layer that
we can stack on any filesystem and enable with a mount option, kinda
like how union mounts work now except easier since we need only
overlay the VOP_READ/WRITE/GETPAGES/PUTPAGES functions. Imagine:

    mount -o crypt=KEY /dev/sd0d /mnt

-Matt
