Subject: Re: CryptoGraphic Disk.
To: Urban Boquist <>
From: Bill Studenmund <>
List: tech-security
Date: 10/07/2002 11:32:41
On Mon, 7 Oct 2002, Urban Boquist wrote:

> >>>>> Roland Dowdeswell writes:
> Roland> I've just committed cgd, the CryptoGraphic Disk.
> Great work! Thanks a lot!
> I have one question though. I used to use TCFS for a while, and one
> really nifty feature it had was that you could "remove" the encryption
> key from the kernel without unmounting the file system. Processes that
> tried to access the disk when the key was unavailable got read/write
> errors.
> This was very handy on e.g. a travelling laptop, where you could use
> the /etc/apm scripts to simply remove the key automatically when
> suspending. Since you didn't need to unmount the file system you also
> didn't have to bother finding all processes inside the file system,
> kill emacs buffers visiting files inside it, etc. Once resumed you
> just re-entered the passphrase and everything was as before again.
> Would something like this be possible to add to cgd?

I don't really think so. The problem is that for what you describe, you
really want a file system. cgd is a device, and is at the wrong
abstraction layer.

Take care,