Current-Users archive


FYI: vm.swap_encrypt



I just added a vm.swap_encrypt sysctl knob to enable or disable
encrypting data when written out to swap space.  This works roughly
like swapping to a random-keyed cgd, but there are several advantages
of vm.swap_encrypt=1 over swapping to a random-keyed cgd:

1. You can dynamically enable or disable vm.swap_encrypt with no other
   configuration.

   The setting will take effect for all pages newly written out to
   swap.  You can force pages to be encrypted, or rekeyed, or
   decrypted, by removing all swap devices and re-adding them with
   swapctl(8) -- with the caveat that any page already written to disk
   might not need to be swapped out again, so whatever is already on
   disk may not be overwritten, and all the usual caveats about the
   efficacy of trying to overwrite physical media apply.

2. The swap encryption key is generated lazily.

   Currently /etc/rc.d/cgd runs _before_ /etc/rc.d/random_seed, so the
   cgd (u)randomkey methods can't take advantage of the random seed
   stored on disk.  However, if you set vm.swap_encrypt=1, it won't
   try to generate a key until the first page has to be written out to
   swap -- generally long after all the rc scripts have completed.

3. You can still use the same device as a dump device if you want, and
   get crash dumps.

   Of course, the crash dumps are not encrypted; that's something else
   we should do -- but we'd need to use a persistent key for crash
   dumps so that you can decrypt them on next boot, whereas the swap
   encryption key is deliberately ephemeral.

The disadvantage, of course, is that vm.swap_encrypt is newly
implemented, and more likely to have bugs than random-keyed cgd.  I'd
like to turn it on by default -- any performance impact happens only
when you're swapping anyway, which means your performance is hosed
already -- but before I do that, more testing would be appreciated!

To try it out, either run `sysctl -w vm.swap_encrypt=1' or put
`vm.swap_encrypt=1' in /etc/sysctl.conf and reboot; then do something
like try to scroll in Slack.  What I did to test is: mount a tmpfs
with no memory limit, use `yes helloworld | head -c $((512*1024*1024))
> /tmp/foo' to fill it up with a verifiable pattern, verify that the
pattern does not appear in the swap file, and verify that the file
reads back the same generated data.


(Easy swap encryption is not a new _idea_ -- we should have had this
decades ago rather than advising people to futz around with cgd(4).
But, better late than never!)
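A script form of the test procedure described in the post, added here as an example; it is not part of the original message or of the NetBSD tree. The helper functions (pattern generation, read-back comparison, scanning a swap file for the plaintext pattern) run unprivileged on any system; the NetBSD-specific steps (sysctl, swapctl, tmpfs mount) are gathered in swap_encrypt_test and only run when the script is invoked as `sh swaptest.sh run' as root. The swap file path /swapfile and the mount point /mnt/swaptest are assumptions of this example, not anything the post prescribes.

```shell
#!/bin/sh
# Added example (not from the original post): script form of the
# vm.swap_encrypt check.  Helpers run unprivileged anywhere; the
# NetBSD-specific steps in swap_encrypt_test run only when invoked as
# "sh swaptest.sh run" as root.  /swapfile and /mnt/swaptest are assumed
# paths chosen for this example.
set -eu

PATTERN=helloworld
FILL_BYTES=$((512*1024*1024))
SWAPFILE=/swapfile          # assumption: a file-backed swap device
TMPFS_DIR=/mnt/swaptest     # assumption: mount point for the tmpfs

# fill_pattern <path> <bytes>: write the verifiable fill pattern, the
# same stream as the post's `yes helloworld | head -c ... > /tmp/foo'.
fill_pattern() {
    yes "$PATTERN" | head -c "$2" > "$1"
}

# pattern_readback_ok <path> <bytes>: succeeds if the file reads back
# byte-for-byte as the generated pattern, i.e. the swap round trip
# (encrypt on page-out, decrypt on page-in) did not corrupt anything.
pattern_readback_ok() {
    yes "$PATTERN" | head -c "$2" | cmp -s - "$1"
}

# swap_is_clean <swapfile>: succeeds if the plaintext pattern does not
# appear anywhere in the swap file.  With vm.swap_encrypt=1 every page
# written out after the knob was set is ciphertext, so a hit means the
# page was swapped out while the knob was off.
swap_is_clean() {
    ! grep -a -q "$PATTERN" "$1"
}

# The privileged, NetBSD-specific procedure.  FILL_BYTES must exceed the
# memory that is actually free, otherwise nothing is paged out and the
# "clean" result is vacuous; swapctl -l is printed so you can see usage.
swap_encrypt_test() {
    sysctl -w vm.swap_encrypt=1
    if [ ! -f "$SWAPFILE" ]; then
        dd if=/dev/zero of="$SWAPFILE" bs=1m count=1024
        chmod 600 "$SWAPFILE"
    fi
    # Adding the device after the knob is set means the ephemeral key
    # is generated on the first page-out, as described in the post.
    swapctl -a "$SWAPFILE"
    mkdir -p "$TMPFS_DIR"
    mount -t tmpfs tmpfs "$TMPFS_DIR"       # no -s: no memory limit
    fill_pattern "$TMPFS_DIR/foo" "$FILL_BYTES"
    swapctl -l
    if swap_is_clean "$SWAPFILE"; then
        echo "OK: pattern not found in $SWAPFILE"
    else
        echo "FAIL: plaintext pattern found in $SWAPFILE"
    fi
    if pattern_readback_ok "$TMPFS_DIR/foo" "$FILL_BYTES"; then
        echo "OK: $TMPFS_DIR/foo reads back as generated"
    else
        echo "FAIL: $TMPFS_DIR/foo does not read back as generated"
    fi
}

if [ "${1:-}" = run ]; then
    swap_encrypt_test
fi
```

Run it as root with the `run' argument on a NetBSD system with vm.swap_encrypt available; without the argument the script only defines the helpers, so you can source it and point swap_is_clean at an existing swap partition or file to check whether any plaintext pages from an earlier run are still sitting on disk (the post's caveat about pages that were written before the knob was set applies).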

