:: [devuan-dev] cryptdisk shutdown
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Mason Loring Bliss
日付:  
To: devuan developers internal list
題目: [devuan-dev] cryptdisk shutdown
On a test system here, I have root on a cryptdisk, and as things stand the
cryptdisk can never be released, because root's on it. systemd and FreeBSD
both handle this differently, with built-in code in the one case and the
kernel in the other case tearing down cryptdisks at the end of the world. It'd
be interesting to discuss the security implications and if it's at all
possible to actually protect the key data in various scenarios.

Anyway, I didn't like the patches I'd seen floating around that were intended
to address the long error-filled delay on shutdown with an encrypted root, so
I wrote one that is significantly cleaner and functionally more correct:

    https://bpaste.net/show/C8qM


I'd love to see a proper discussion of the security implications of key
handling. There is some clever thinking happening lately, like this:

    https://www.zdnet.com/article/openssh-gets-protection-against-attacks-like-spectre-meltdown-rowhammer-and-rambleed/


It's worth discussing.

-- 
Mason Loring Bliss    mason@???
They also surf, who only stand on waves.