tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP



On Mon, May 18, 2020 at 06:21:10PM -0400, Mouse wrote:
> >> Always encrypted swap would be even better but ... slow machines.
> > Compared to the time required to put the pages out to disk?
> 
> That comparison is relevant only if the system has nothing better to do
> than wait for the page out/in.  A few systems probably don't.  Most, I
> suspect, do, and if there _is_ something else the CPU could usefully be
> doing, I suspect spending the (scarce) cycles there is preferable.
> 
> At least for most systems.  There certainly is a place for allowing the
> admin to insist on encrypted swap even on slow machines.

I agree with both. Leave it an admin decision (and maybe default to
"encrypt"). Also assume that it is possible to complete enough of /etc/rc.d
without any swapping ;-} so a simple setting in /etc/sysctl.conf will do.

I can run tests on slow + small memory machines (but not really sure what
a good test would be - maybe compiling a few things with MAKE_JOBS >= 2 from
pkgsrc?).

Martin


Home | Main Index | Thread Index | Old Index