You got it a bit.. wrong. Or, non-specific. If you assume that your laptop
is stolen while it's powered, then encrypted swap won't help you (strings
/proc/kcore & the likes). If it's going to be stolen while it's offline, you
can have your shutdown scripts blank the swap partition and the boot
scripts call mkswap on it.
Or, somehow better & safer (or, explain the drawback):
spiral:~# dd if=/dev/zero of=/swap bs=1024k count=16
16+0 records in
16+0 records out
spiral:~# losetup -e DES /dev/loop0 /swap
Password:
Init (up to 16 hex digits):
spiral:~# mkswap /dev/loop0
Setting up swapspace version 1, size = 16773120 bytes
spiral:~# swapon /dev/loop0
spiral:~# cat /proc/swaps
Filename                        Type            Size    Used    Priority
/dev/loop0                      partition       16376   0       -3
There, you have the swap encrypted, up and running. Of course, if you need
more fancy encryption than the default, XOR or DES, get the crypto patch.
You only need to have a script that does the stuff, that runs when the
system boots, without shutdown scripts (in case of power/battery failure
these might not be executed, hence the swap would not be wiped). Of
course, you'll need to enter the losetup password upon booting, which
might prove annoying (then again, if the kernel would provide swap
encryption, the only way to make it non-decryptable would be for you to
enter a password, same drawback actually).
Cheers,
Dan.