Date: Fri, 17 May 2013 20:08:11 +0000 (UTC) From: Tom Rhodes <trhodes@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-projects@freebsd.org Subject: svn commit: r41650 - projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks Message-ID: <201305172008.r4HK8BDu001539@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: trhodes Date: Fri May 17 20:08:11 2013 New Revision: 41650 URL: http://svnweb.freebsd.org/changeset/doc/41650 Log: Axe the "why encrypt swap" mini-section and migrate the useful stuff into the section introduction. Re-word some sentences and a section name. Reviewed by: bcr (quick look) Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks/chapter.xml Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks/chapter.xml ============================================================================== --- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks/chapter.xml Fri May 17 19:56:43 2013 (r41649) +++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/disks/chapter.xml Fri May 17 20:08:11 2013 (r41650) @@ -3830,27 +3830,22 @@ geli_da2_flags="-p -k /root/da2.key"</pr <secondary>encrypting</secondary> </indexterm> - <para>Swap encryption in &os; is easy to configure. Depending on - which version of &os; is being used, different options are - available and configuration can vary slightly. The &man.gbde.8; - or &man.geli.8; encryption systems can be used for swap - encryption. Both systems use the <filename>encswap</filename> + <para>Like the encryption of disk partitions, encryption of swap + space is used to protect sensitive information. Consider an + application that deals with passwords. As long as these + passwords stay in physical memory, these passwords will not + be written to disk and be cleared after a reboot. If &os; + starts swapping out memory pages to free + space for other applications, the passwords may be written to + the disk platters unencrypted. Encrypting swap space can be a + solution for this scenario.</para> + + <para>The &man.gbde.8; or &man.geli.8; encryption systems may be + used for swap encryption. Both systems use the + <filename>encswap</filename> <link linkend="configtuning-rcd">rc.d</link> script.</para> <sect2> - <title>Why Should Swap be Encrypted?</title> - - <para>Like the encryption of disk partitions, encryption of swap - space is used to protect sensitive information. Consider an - application that deals with passwords. As long as these - passwords stay in physical memory, all is well. However, if - the operating system starts swapping out memory pages to free - space for other applications, the passwords may be written to - the disk platters unencrypted. Encrypting swap space can be a - solution for this scenario.</para> - </sect2> - - <sect2> <title>Preparation</title> <note> @@ -3907,7 +3902,7 @@ geli_da2_flags="-p -k /root/da2.key"</pr </sect2> <sect2> - <title>Verifying That it Works</title> + <title>Encrypted Swap Verification</title> <para>Once the system has rebooted, proper operation of the encrypted swap can be verified using
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305172008.r4HK8BDu001539>