Module Name: src Committed By: riastradh Date: Sun May 10 02:31:29 UTC 2020
Modified Files: src/share/man/man7: sysctl.7 Log Message: Document vm.swap_encrypt. To generate a diff of this commit: cvs rdiff -u -r1.144 -r1.145 src/share/man/man7/sysctl.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/man/man7/sysctl.7 diff -u src/share/man/man7/sysctl.7:1.144 src/share/man/man7/sysctl.7:1.145 --- src/share/man/man7/sysctl.7:1.144 Sun May 10 02:30:33 2020 +++ src/share/man/man7/sysctl.7 Sun May 10 02:31:29 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: sysctl.7,v 1.144 2020/05/10 02:30:33 riastradh Exp $ +.\" $NetBSD: sysctl.7,v 1.145 2020/05/10 02:31:29 riastradh Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -2493,6 +2493,7 @@ privilege may change the value. .It vm.proc.map struct kinfo_vmentry no .It vm.guard_size unsigned int no .It vm.thread_guard_size unsigned int yes +.It vm.swap_encrypt bool yes .El .Bl -tag -width "123456" .It Li vm.anonmax ( Dv VM_ANONMAX ) @@ -2566,6 +2567,29 @@ Return system wide guard size for the ma .It Li vm.thread_guard_size Return system wide default size for the guard area of all other threads of a program. +.It Li vm.swap_encrypt +If true, encrypt data while swapped out to disk. +.Pp +Each swap device maintains an independent AES-256 key, generated when +the first page is swapped to that device. +Each page is swapped independently using AES-CBC, with an +initialization vector chosen by the encryption under the AES-256 key of +the little-endian swap slot number padded to 128 bits with zeros. +(This is essentially the +.Xr cgd 4 +.Sq encblkno1 +method.) +.Pp +Changes to +.Li vm.swap_encrypt +only affect pages of swap newly written out. +To force encrypting or decrypting all existing swap, or to rekey +previously encrypted swap, you can remove the swap devices and re-add +them with +.Xr swapctl 8 , +with the caveat that whatever pages were already written to disk +unencrypted or encrypted with a compromised key may still be written to +disk afterward. .\" XXX vm.idlezero .El .Ss The ddb.* subtree ( Dv CTL_DDB )
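Review bot: the new table row `.It vm.swap_encrypt bool yes` records the type and that the knob is writable, but neither the row nor the description that follows states the default value, so a reader cannot tell from this page whether swap is encrypted out of the box. Suggest adding a sentence after "If true, encrypt data while swapped out to disk." giving the default, in the same form the other `vm.*` entries in this table use.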
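Review bot: the description of the IV scheme in the `vm.swap_encrypt` entry should also state its consequence for readers weighing the protection: because the initialization vector is derived only from the swap slot number under the per-device key, every write to a given slot during the key's lifetime uses the same IV, so two pages swapped to the same slot that share identical leading blocks produce identical leading ciphertext blocks (the usual property of the `cgd(4)` `encblkno1` method). The existing caveat already covers pages written before encryption was enabled or under a compromised key; a short note that the key is regenerated only when the device is removed and re-added with `swapctl(8)`, and hence that the rekeying step in the last paragraph is what bounds the IV reuse window, would make the "rekey previously encrypted swap" advice self-explanatory.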