Diffstat (limited to 'en_US.ISO8859-1/books/handbook/disks/chapter.xml')
-rw-r--r-- en_US.ISO8859-1/books/handbook/disks/chapter.xml 57
1 files changed, 24 insertions, 33 deletions
diff --git a/en_US.ISO8859-1/books/handbook/disks/chapter.xml b/en_US.ISO8859-1/books/handbook/disks/chapter.xml
index 182fd40c3d..b92339ed4c 100644
--- a/en_US.ISO8859-1/books/handbook/disks/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/disks/chapter.xml
@@ -3690,42 +3690,33 @@ geli_da2_flags="-p -k /root/da2.key"</programlisting>
<secondary>encrypting</secondary>
</indexterm>
- <para>Swap encryption in &os; is easy to configure. Depending on
- which version of &os; is being used, different options are
- available and configuration can vary slightly. The &man.gbde.8;
- or &man.geli.8; encryption systems can be used for swap
- encryption. Both systems use the <filename>encswap</filename>
+ <para>Like the encryption of disk partitions, encryption of swap
+ space is used to protect sensitive information. Consider an
+ application that deals with passwords. As long as these
+ passwords stay in physical memory, these passwords will not
+ be written to disk and be cleared after a reboot. If &os;
+ starts swapping out memory pages to free
+ space for other applications, the passwords may be written to
+ the disk platters unencrypted. Encrypting swap space can be a
+ solution for this scenario.</para>
+
+ <para>The &man.gbde.8; or &man.geli.8; encryption systems may be
+ used for swap encryption. Both systems use the
+ <filename>encswap</filename>
<link linkend="configtuning-rcd">rc.d</link> script.</para>
- <sect2>
- <title>Why Should Swap be Encrypted?</title>
-
- <para>Like the encryption of disk partitions, encryption of swap
- space is used to protect sensitive information. Consider an
- application that deals with passwords. As long as these
- passwords stay in physical memory, all is well. However, if
- the operating system starts swapping out memory pages to free
- space for other applications, the passwords may be written to
- the disk platters unencrypted. Encrypting swap space can be a
- solution for this scenario.</para>
- </sect2>
-
- <sect2>
- <title>Preparation</title>
-
- <note>
- <para>For the remainder of this section,
- <devicename>ad0s1b</devicename> will be the swap
- partition.</para>
- </note>
+ <note>
+ <para>For the remainder of this section,
+ <devicename>ad0s1b</devicename> will be the swap
+ partition.</para>
+ </note>
- <para>By default, swap is unencrypted. It is possible that it
- contains passwords or other sensitive data in cleartext. To
- rectify this, the data on the swap partition should be
- overwritten with random garbage:</para>
+ <para>Swap partitions are not encrypted by default and should
+ be cleared of any sensitive data before continuing. To
+ overwrite the current swap parition with random garbage,
+ execute the following command:</para>
- <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/ad0s1b bs=1m</userinput></screen>
- </sect2>
+ <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/<replaceable>ad0s1b</replaceable> bs=1m</userinput></screen>
<sect2>
<title>Swap Encryption with &man.gbde.8;</title>
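Review bot: The added paragraph that introduces the dd command misspells "partition" ("overwrite the current swap parition with random garbage"); please fix it before this goes in. In the new opening paragraph, "these passwords will not be written to disk and be cleared after a reboot" drops its second auxiliary verb; "they will not be written to disk and will be cleared after a reboot" reads correctly and avoids repeating "these passwords". With the "Preparation" sect2 removed, the dd step now runs straight on from the introduction, and the visible text does not say whether the swap device has to be inactive while it is overwritten; one sentence stating that would help readers running this on a live system.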
@@ -3767,7 +3758,7 @@ geli_da2_flags="-p -k /root/da2.key"</programlisting>
</sect2>
<sect2>
- <title>Verifying That it Works</title>
+ <title>Encrypted Swap Verification</title>
<para>Once the system has rebooted, proper operation of the
encrypted swap can be verified using
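Review bot: The new title "Encrypted Swap Verification" is a noun stack; "Verifying Encrypted Swap" says the same thing more directly and still drops the informal "it Works". The sect2 shown here carries no id attribute in the visible lines, so the rename should not break cross-references, but it is worth checking for any text elsewhere that cites the old title verbatim.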