Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP

To: tech-kern%NetBSD.org@localhost
Subject: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
From: Martin Husemann <martin%duskware.de@localhost>
Date: Tue, 19 May 2020 07:22:52 +0200

On Mon, May 18, 2020 at 06:21:10PM -0400, Mouse wrote:
> >> Always encrypted swap would be even better but ... slow machines.
> > Compared to the time required to put the pages out to disk?
> 
> That comparison is relevant only if the system has nothing better to do
> than wait for the page out/in.  A few systems probably don't.  Most, I
> suspect, do, and if there _is_ something else the CPU could usefully be
> doing, I suspect spending the (scarce) cycles there is preferable.
> 
> At least for most systems.  There certainly is a place for allowing the
> admin to insist on encrypted swap even on slow machines.

I agree with both. Leave it an admin decision (and maybe default to
"encrypt"). Also assume that it is possible to complete enough of /etc/rc.d
without any swapping ;-} so a simple setting in /etc/sysctl.conf will do.

I can run tests on slow + small memory machines (but not really sure what
a good test would be - maybe compiling a few things with MAKE_JOBS >= 2 from
pkgsrc?).

Martin

Follow-Ups:
- Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Michael van Elst

References:
- Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Alexander Nasonov
- re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: matthew green
- Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Alexander Nasonov
- Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Thor Lancelot Simon
- Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Mouse

Prev by Date: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
Next by Date: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
Previous by Thread: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
Next by Thread: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
Indexes:

Home | Main Index | Thread Index | Old Index