[Pkg-cryptsetup-devel] Bug#342079: [tuomov@iki.fi: Re: cryptsetup:
should check swap partition type]
Jonas Meurer
jonas at freesources.org
Sun Jan 22 17:22:50 UTC 2006
----- Forwarded message from Tuomo Valkonen <tuomov at iki.fi> -----
Date: Sun, 22 Jan 2006 19:16:30 +0200
From: Tuomo Valkonen <tuomov at iki.fi>
Subject: Re: cryptsetup: should check swap partition type
To: Jonas Meurer <jonas at freesources.org>
On 2006-01-22 17:05 +0100, Jonas Meurer wrote:
> You mean, that the device should be checked with 'fdisk -l', and only if
> the partition is type 'swap', cryptsetup and mkswap should be run over
> it?
Well, I'd like some way of ensuring that important data is not accidentally
overwritten by swap setup on boot. Normal swap areas have a signature
indicating that they're swap, and so the system won't use something that
hasn't been prepared as swap as swap. But encrypted swap areas are usually
created with a one-time random key, so the existence of such a signature
from previous initialisation can't be checked.
The partition table and fdisk provide a quick&dirty check that a partition
is intended to be used as swap, and thus it is rather safe to create swap on
it, but of course it isn't generally applicable. A better option might be to
include a signature on the device outside the encrypted area (could perhaps
be hacked with cryptsetup's -o option, and a test on the contents of the
first block of the device), although for systems that have encrypted root
disks and uninformative partition tables, it might degrade security.
--
Tuomo
----- End forwarded message -----
More information about the Pkg-cryptsetup-devel
mailing list