Date: Tue, 07 Sep 2010 03:10:52 -0700 From: Carl <k0802647@telus.net> To: Pawel Jakub Dawidek <pjd@FreeBSD.org>, freebsd-fs@freebsd.org Subject: Re: geli'd swap and core dumps Message-ID: <4C860FAC.5070700@telus.net> In-Reply-To: <20100905150344.GD1900@garage.freebsd.pl> References: <4C834D1A.2010405@telus.net> <20100905150344.GD1900@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2010-09-05 8:03 AM, Pawel Jakub Dawidek wrote: >> What are best practices for achieving encrypted swap and functional core >> dump recovery? Or are these mutually exclusive goals? > > Well, the idea to encrypt swap is to prevent any sensitive data to be > stored on disk unencrypted where it might last for a long time. > If you configure to dump kernel memory to a disk (kernel dumps are not > encrypted) you kinda miss the point, as kernel memory can contain a lot > of sensitive data. It makes sense that best practice would be to disable the dump device, yet it appears dumpdev is set to AUTO as the default on current versions of FreeBSD. Does AUTO imply a behaviour that will intelligently recognize the lack of a functional dumpdev in the case of a geli'd swap or do I need to explicitly set dumpdev to NO to avoid errors on normal startups or even bad behaviour during a kernel panic? Carl / K0802647
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C860FAC.5070700>