[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
kern/47136: encrypting swap is too hard
>Synopsis: encrypting swap is too hard
>Arrival-Date: Sun Oct 28 19:05:00 +0000 2012
>Originator: Taylor R Campbell <campbell+netbsd%mumble.net@localhost>
>Release: NetBSD 6.99.12
Swap encryption involves no key management or permanent data
storage for the operator to worry about, so it should be
super-easy to turn on with the flick of a switch, but it's
not. I would like to just do
sysctl -w vm.encrypt_swap=1
or put that into /etc/sysctl.conf, but instead I have to
configure a cgd (which uses up a cgd number and therefore
figures the system's administration in various ways such as
/etc/fstab and /etc/cgd/cgd.conf), set up something in
/etc/rc.local or /etc/rc.conf.d to automatically disklabel it
at the right time, and then tell the system to swap onto it.
1. Try to enable swap encryption.
2. Realize that there are a bunch of moving parts to mess with.
3. Give up in frustration.
4. Look for another PR on the subject.
5. Wonder why there wasn't one submitted ten years ago.
6. Write recursive PR.
Main Index |
Thread Index |