NetBSD Problem Report #47136

From campbell@mumble.net  Sun Oct 28 19:00:19 2012
Return-Path: <campbell@mumble.net>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id C2C5763CAFB
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 28 Oct 2012 19:00:18 +0000 (UTC)
Message-Id: <20121028185936.825ED604B3@jupiter.mumble.net>
Date: Sun, 28 Oct 2012 18:59:36 +0000 (UTC)
From: Taylor R Campbell <campbell+netbsd@mumble.net>
Reply-To: Taylor R Campbell <campbell+netbsd@mumble.net>
To: gnats-bugs@gnats.NetBSD.org
Subject: encrypting swap is too hard
X-Send-Pr-Version: 3.95

>Number:         47136
>Category:       kern
>Synopsis:       encrypting swap is too hard
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 28 19:05:00 +0000 2012
>Closed-Date:    Sun Apr 18 19:37:39 +0000 2021
>Last-Modified:  Sun Apr 18 19:37:39 +0000 2021
>Originator:     Taylor R Campbell <campbell+netbsd@mumble.net>
>Release:        NetBSD 6.99.12
>Organization:
>Environment:
Architecture: any
Machine: any
>Description:

	Swap encryption involves no key management or permanent data
	storage for the operator to worry about, so it should be
	super-easy to turn on with the flick of a switch, but it's
	not.  I would like to just do

		sysctl -w vm.encrypt_swap=1

	or put that into /etc/sysctl.conf, but instead I have to
	configure a cgd (which uses up a cgd number and therefore
	figures the system's administration in various ways such as
	/etc/fstab and /etc/cgd/cgd.conf), set up something in
	/etc/rc.local or /etc/rc.conf.d to automatically disklabel it
	at the right time, and then tell the system to swap onto it.

>How-To-Repeat:

	1. Try to enable swap encryption.
	2. Realize that there are a bunch of moving parts to mess with.
	3. Give up in frustration.
	4. Look for another PR on the subject.
	5. Wonder why there wasn't one submitted ten years ago.
	6. Write recursive PR.
	7. ???
	8. Profit?

>Fix:

	Yes, please!

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Sun, 18 Apr 2021 19:37:39 +0000
State-Changed-Why:
Done by riastradh


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.