SUSE Hack Week: kernel sensitive data protection

kernel sensitive data protection
a project by joeyli

Updated over 7 years ago. No love.

There have some kernel mechanisms that they keep symmetric key or password in memory. Those password or key may leak through /dev/mem, kdump, hibernation, bpf print to userland.

I want to think a design to:

Collect those sensitive data in a place
To avoid sensitive data are leaked through interface to userland.
Low overhead when getting data and checking sensitive memory area.

Join this project Leave this project

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 15

Activity

over 7 years ago: joeyli started this project.

over 7 years ago: joeyli originated this project.

All Updates

over 7 years ago: joeyli started this project.

over 7 years ago: joeyli originated this project.

Comments

over 7 years ago by joeyli | Reply

Upstream discussion about dm-crypt uses keyring: http://www.saout.de/pipermail/dm-crypt/2014-December/004525.html

Edit Comment 2414

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

Reply to joeyli

Upstream discussion about dm-crypt uses keyring: http://www.saout.de/pipermail/dm-crypt/2014-December/004525.html

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

over 7 years ago by joeyli | Reply

After c538f6ec in v4.10-rc1, the dm-crypt can use "user" or "logon" key type from keyring. But it doesn't support encrypted key type.

Edit Comment 2416

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

Reply to joeyli

After c538f6ec in v4.10-rc1, the dm-crypt can use "user" or "logon" key type from keyring. But it doesn't support encrypted key type.

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

over 7 years ago by joeyli | Reply

Base on the kernel doucment security/keys-trusted-encrypted.txt, EVM and eCryptfs used encrypted key type.

Edit Comment 2418

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

Reply to joeyli

Base on the kernel doucment security/keys-trusted-encrypted.txt, EVM and eCryptfs used encrypted key type.

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

over 7 years ago by joeyli | Reply

Looks the master keys in keyring that they are also the sensitive data. Need to check the detail of keyring.

Edit Comment 2420

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

Reply to joeyli

Looks the master keys in keyring that they are also the sensitive data. Need to check the detail of keyring.

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

over 7 years ago by joeyli | Reply

Crypto codes like AES expands key to the crypto context in tfm. So the crypto context also includes key as sensitive data.

Edit Comment 2484

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

Reply to joeyli

Crypto codes like AES expands key to the crypto context in tfm. So the crypto context also includes key as sensitive data.

# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title

More Complex Markdown Help

Formatting Help

Edit
Preview

Similar Projects

This project is one of its kind!

Looking for hackers with the skills:

This project is part of:

Activity

Comments

over 7 years ago by joeyli | Reply

over 7 years ago by joeyli | Reply

over 7 years ago by joeyli | Reply

over 7 years ago by joeyli | Reply

over 7 years ago by joeyli | Reply

Similar Projects