[zfs-discuss] Support booting from encrypted root fs

Zenny garbytrash at gmail.com
Tue May 21 06:36:10 EDT 2013


On 5/20/13, Turbo Fredriksson <turbo at bayour.com> wrote:
> On May 20, 2013, at 7:05 PM, Zenny wrote:
>
>> It is a nice thing until the clean unmount and wiping of the memory at
>> the shutdown works with debian.
>
> You must have misunderstood me there. I'm using ZFS native encryption,
> not dm-crypt or anything like that!

Yep, but the question is whether the encrypted / with ZFS native
encryption gets unmouned at shutdown and wipes the RAM to prevent from
cold boot attacks?

Maybe this info from tails page gives a clear picture to you for the
possible scenario:

https://tails.boum.org/doc/advanced_topics/cold_boot_attacks/index.en.html
https://tails.boum.org/forum/Ram_Wipe_Script/
https://tails.boum.org/contribute/git/
https://tails.boum.org/contribute/customize/

Obviously it matters when encryption key is not wiped out cleanly when
/ is unmounted.

> --
> There are no dumb questions,
> unless a customer is asking them.
> - Unknown
>
>



More information about the zfs-discuss mailing list