
Bug 43162

Summary: device-mapper cannot be used with dm-crypt and unencrypted swap securely
Product: Gentoo Linux
Reporter: Justin Whitney <ripple>
Component: New packages
Assignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED LATER
Severity: normal
CC: hardened
Priority: High
Version: unspecified
Hardware: All
OS: All
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: patches device-mapper/* to -r1 which includes patch for dmsetup

Description Justin Whitney 2004-02-27 20:23:19 UTC
Check out my dm-crypt ebuild submission for more details: http://bugs.gentoo.org/show_bug.cgi?id=43146

But the basic idea is this:

dm-crypt has no userspace util at the moment; it uses dmsetup. But setting up an encrypted map with dmsetup is insecure UNLESS your swap space is encrypted, because the dmsetup tool does not lock its pages (preventing them from being written out to disk). Because the pages are unlocked, they are free to be written to disk, making it possible for your key for one or more of your encrypted block devices to be exposed in the clear in your swap space.

The solution is either 1) write a userspace dm-crypt utility that locks its pages, or 2) make dmsetup lock its pages, and make the path between key entry and dmsetup secure.

Here is an ebuild tarball that patches dmsetup to lock its pages, thus making it possible to use dm-crypt to encrypt your block devices without encrypting your swap space.
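The report above describes the fix (lock the pages that hold the key so they can never reach swap) without showing it. The following is an added example written for this page, not the reporter's patch and not dmsetup's own code. It keeps a dm-crypt key, its hex encoding and the resulting table line in one mlock(2)-pinned page, wipes that page before releasing it, and reads VmLck from /proc/self/status so you can confirm the lock took effect. The 16-byte key, the sector count and the device path are constructed placeholders; the table line format ("<start> <len> crypt <cipher> <hexkey> <iv_offset> <device> <offset>") is the one documented for the kernel's crypt target. Linux only.

```c
/*
 * Added example (not dmsetup's code): keep dm-crypt key material in pages
 * that are locked into RAM so it cannot be written to unencrypted swap, and
 * wipe it before the memory is released.  Linux only.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Allocate a page-aligned buffer and pin it with mlock(2).  A locked page is
 * exempt from swapping, which is exactly what the unpatched dmsetup lacks.
 * Returns NULL (errno set) if the lock is refused, e.g. because
 * RLIMIT_MEMLOCK is too small for the caller. */
static void *locked_alloc(size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (page <= 0 || posix_memalign(&p, (size_t)page, len) != 0)
        return NULL;
    if (mlock(p, len) != 0) {
        int saved = errno;
        free(p);
        errno = saved;
        return NULL;
    }
    memset(p, 0, len);
    return p;
}

/* Overwrite through a volatile pointer so the compiler cannot elide the wipe,
 * then unlock and free.  Wipe BEFORE munlock: once unlocked, a page that still
 * holds the key is eligible for swap again. */
static void locked_free(void *p, size_t len)
{
    volatile unsigned char *v = p;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    munlock(p, len);
    free(p);
}

/* Render a raw key as the hex string the crypt table line expects.  The output
 * buffer must itself be locked memory, otherwise the hex copy is a second,
 * swappable copy of the key.  Returns 0 on success, -1 if out is too small. */
static int key_to_hex(const unsigned char *key, size_t len, char *out, size_t outlen)
{
    static const char digits[] = "0123456789abcdef";
    if (outlen < 2 * len + 1)
        return -1;
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[key[i] >> 4];
        out[2 * i + 1] = digits[key[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return 0;
}

/* How many kB this process currently has locked, from the VmLck field of
 * /proc/self/status.  Returns -1 if the field cannot be read. */
static long vmlck_kb(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    long kb = -1;
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "VmLck: %ld", &kb) == 1)
            break;
    fclose(f);
    return kb;
}

/* Probe whether this environment lets us lock one page:
 * 1 = locked fine, 0 = refused by policy (EPERM/ENOMEM), -1 = other error. */
static int lock_probe(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = locked_alloc(page);
    if (p) {
        locked_free(p, page);
        return 1;
    }
    return (errno == EPERM || errno == ENOMEM) ? 0 : -1;
}

int main(void)
{
    /* Constructed demo key and table parameters, for illustration only.  A
     * real key must be read straight into the locked buffer (e.g. from the
     * terminal), never through an unlocked intermediate like this array. */
    static const unsigned char demo_key[16] = {
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
    const unsigned long long sectors = 2097152ULL;   /* 1 GiB of 512-byte sectors */
    const char *device = "/dev/hda2";                /* placeholder backing device */

    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    long before = vmlck_kb();
    unsigned char *buf = locked_alloc(page);
    if (!buf) {
        perror("locked_alloc");
        return 1;
    }
    /* Carve one locked page: raw key, hex copy, and the dm table line. */
    unsigned char *key = buf;
    char *hex = (char *)buf + 64;
    char *table = (char *)buf + 256;

    memcpy(key, demo_key, sizeof demo_key);
    if (key_to_hex(key, sizeof demo_key, hex, 64) != 0) {
        locked_free(buf, page);
        return 1;
    }
    snprintf(table, page - 256, "0 %llu crypt aes-cbc-plain %s 0 %s 0",
             sectors, hex, device);

    /* Print only sizes and lock state; echoing the table would copy the key
     * through unlocked stdio buffers. */
    printf("table line: %zu bytes, VmLck before/after: %ld/%ld kB\n",
           strlen(table), before, vmlck_kb());

    locked_free(buf, page);
    return 0;
}
```

Locking is only half of the reporter's point 2): the key still travels from the terminal through the shell to dmsetup, and anything passed via `--table` on the command line is visible in `/proc/<pid>/cmdline` for the life of the process. A tool built on this pattern should feed the table line to dmsetup on stdin (dmsetup reads the table from stdin when `--table` is omitted) from a process that has locked its own memory, and should check that `mlock` actually succeeded rather than silently continuing, since an unprivileged caller can hit RLIMIT_MEMLOCK.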
Comment 1 Justin Whitney 2004-02-27 20:31:58 UTC
Created attachment 26499
patches device-mapper/* to -r1 which includes patch for dmsetup

This patches device-mapper/* for a 1.00.07-r1.ebuild which includes a patch
that makes dmsetup lock its pages.
Comment 2 Justin Whitney 2004-02-27 22:13:04 UTC
Please put this on hold for now and ignore.