Re: usb flash drive removal (Re: Desktop NetBSD needs your help)

["Steven M. Bellovin" <smb%cs.columbia.edu@localhost>]

On Sun, 15 Feb 2009 09:52:31 +1100
Daniel Carosone <dan%geek.com.au@localhost> wrote:

> On Sat, Feb 14, 2009 at 04:20:40PM -0600, David Young wrote:
> > > If you say it's acceptable to block before the device is
> > > reconnected, how do you deal with e.g. the UI notification
> > > component which was supposed to alert about accidental device
> > > unblock hanging on the unplugged file system.
> > 
> > It is acceptable to block access to the device before the device is
> > reconnected.  It seems to me that a UI notification component will
> > only hang if it uses resources on the very same disconnected device
> > as it reports on, but this brings us back to my previous question.
> 
> There's an analogous use-case here to consider.
> 
> When we suspend the system, it would be great if there was a mechanism
> to clear cgd(4) keys from memory, suspend IO to the device, and then
> prompt for keys/passphrase again on resume before unblocking the
> device.  For some use(r)s, it may even be desirable to trigger this by
> idle time or some other event (screen lock, lid close, special
> hotkey).

I have a powerd script that forcibly unmounts and unconfigures cgd
drive on suspend events.  I hope -- but have not verified -- that
unconfiguring a cgd drive would clear the keys from memory.  (And is it
feasible to "zeroize" the disk buffers such drives use?)  I need to
clean up my code and commit it...

                --Steve Bellovin, http://www.cs.columbia.edu/~smb