[dm-crypt] Questions on LUKS

Milan Broz gmazyland at gmail.com
Sat Sep 24 10:20:37 CEST 2016


On 09/21/2016 02:09 PM, Ruiz, Edwin wrote:
> 1. When LUKS is applied to a partition of a drive, is decrypted
> data only stored in memory and never written back to the drive
> (unencrypted).

yes (if you encrypt swap as well - swapped pages could contain some plaintext
and can reach swap drive)

> 2. Is there any caching of decrypted data; If accessed again,
> is it read from memory or decrypted again?

not in dmcrypt, but there is page cache above it (as for all other devices)

if direct-io is used, it always reads data directly from the device
(it avoids page cache)

> 3. What are the implications of a system that is shut down
> (power loss, critical failure, etc.) without the command “luksClose”
> issued to an encrypted device?

then the volume key for the active device is not properly wiped from memory
(modern BIOS should wipe memory on reboot though)

Milan
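
The following is an added example, not part of the original message or of cryptsetup: a check for the swap caveat in answer 1, reporting whether each active swap area sits on dm-crypt. It assumes cryptsetup-created mappings carry a device-mapper UUID beginning with "CRYPT-" and that device stacking is visible under /sys/class/block/<dev>/slaves; the function names and status strings are hypothetical.

```python
import os

def on_dmcrypt(name, sysfs="/sys"):
    """True if block device `name` (e.g. 'dm-1') is dm-crypt, or is stacked
    (LVM, for instance) entirely on top of dm-crypt devices."""
    base = os.path.join(sysfs, "class", "block", name)
    try:
        with open(os.path.join(base, "dm", "uuid")) as f:
            # Assumption: cryptsetup-created mappings have a DM UUID
            # that starts with "CRYPT-" (CRYPT-LUKS1-..., CRYPT-PLAIN-...).
            if f.read().startswith("CRYPT-"):
                return True
    except OSError:
        pass  # not a device-mapper device
    try:
        lower = os.listdir(os.path.join(base, "slaves"))
    except OSError:
        return False  # e.g. a plain partition
    # Every underlying device must be encrypted, not just one of them.
    return bool(lower) and all(on_dmcrypt(s, sysfs) for s in lower)

def classify_swaps(swaps_text, sysfs="/sys"):
    """Map each active swap area in /proc/swaps-format text to a status."""
    status = {}
    for line in swaps_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 2:
            continue
        path, kind = fields[0], fields[1]
        if kind != "partition":
            # Swap file: encryption depends on the filesystem's device.
            status[path] = "swapfile"
            continue
        name = os.path.basename(os.path.realpath(path))
        status[path] = "dm-crypt" if on_dmcrypt(name, sysfs) else "not-dm-crypt"
    return status

if __name__ == "__main__":
    try:
        with open("/proc/swaps") as f:
            for path, state in classify_swaps(f.read()).items():
                print(f"{state:13} {path}")
    except OSError as e:
        print("cannot read /proc/swaps:", e)
```

A "swapfile" result means the answer depends on the block device under the filesystem holding the file, which this check does not follow.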

