Steve> The obvious approach to me would to generate a random
Steve> session key at boot time and use that for
Steve> encrypting/decrypting swap pages. If the machine is
Steve> unplugged and the disk pulled out, then the swap area on
Steve> that disk could not be recovered the attacker, who
Example: disk is faulty and will no longer work. How do you guarantee
that nobody will be able to read it after you toss it out OR return it
to the manufacturer to claim for warranty?
(of course, encrypting swap space is only part of the solution, here
you need to encrypt everything).
-- Brian May <bam@snoopy.apana.org.au> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/