[dm-crypt] keys in memory?

Milan Broz mbroz at redhat.com
Thu Jan 13 22:31:01 CET 2011


On 01/13/2011 10:03 PM, Kachler, Arie wrote:
> When a system has been configured and it's using encrypted LUKS
> partition(s), are the keys visible in memory?

For active devices, yes. If you run encryption on the main CPU
(and not in some special hw), the key must be visible in memory.

> The question is relevant when deploying these types of partitions to
> a cloud provider, where the provider's hypervisor has access to all
> VMs' memory.

If you have access to the hypervisor, you have access to the full memory;
you have access to everything.

Milan

