[dm-crypt] Questions on LUKS

Milan Broz gmazyland at gmail.com
Sat Sep 24 10:20:37 CEST 2016

On 09/21/2016 02:09 PM, Ruiz, Edwin wrote:
> 1. When LUKS is applied to a partition of a drive, is decrypted
> data only stored in memory and never written back to the drive
> (unencrypted).

yes (if you encrypt swap as well - swapped pages could contain some plaintext
and can reach swap drive)

> 2. Is there any caching of decrypted data; If accessed again,
> is it read from memory or decrypted again?

not in dmcrypt, but there is page cache above it (as for all other devices)

if direct-io is used, it always reads data directly from the device
(it avoids page cache)

> 3. What are the implications of a system that is shut down
> (powerloss, critical failure, etc.) without the command “luksClose”
> issued to an encrypted device?

then volume key for active device is not properly wiped from memory
(modern bios should wipe memory on reboot though)
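
Answer 1 holds only if swap is encrypted too. The following is an added example, not part of the original message: it reads /proc/swaps and walks sysfs to report whether each active swap area sits on a dm-crypt mapping. It assumes that mappings created by cryptsetup carry a device-mapper UUID beginning with `CRYPT-`; the function names are illustrative.

```python
import os

def backed_by_dmcrypt(dev, sysfs):
    """True if block device `dev` is a dm-crypt mapping or sits entirely on them."""
    uuid_file = os.path.join(sysfs, dev, "dm", "uuid")
    if os.path.isfile(uuid_file):
        with open(uuid_file) as f:
            # Assumption: cryptsetup gives its mappings a UUID of CRYPT-<type>-...
            if f.read().startswith("CRYPT-"):
                return True
    slaves_dir = os.path.join(sysfs, dev, "slaves")
    slaves = os.listdir(slaves_dir) if os.path.isdir(slaves_dir) else []
    # Stacked device (e.g. an LVM volume): every device underneath must be encrypted.
    return bool(slaves) and all(backed_by_dmcrypt(s, sysfs) for s in slaves)

def classify_swap(proc_swaps_text, sysfs="/sys/class/block"):
    """Map each active swap area in /proc/swaps text to a status string."""
    result = {}
    for line in proc_swaps_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 2:
            continue
        path, kind = fields[0], fields[1]
        dev = os.path.basename(os.path.realpath(path))
        if kind != "partition":
            # A swap file inherits whatever protection its filesystem's device has.
            result[path] = "swap file: check the device under its filesystem"
        elif dev.startswith("zram"):
            result[path] = "ram-backed"
        elif backed_by_dmcrypt(dev, sysfs):
            result[path] = "encrypted"
        else:
            result[path] = "plaintext"
    return result

if __name__ == "__main__":
    with open("/proc/swaps") as f:
        for path, status in classify_swap(f.read()).items():
            print(f"{path}: {status}")
```

A "plaintext" result means swapped-out pages from processes reading the LUKS volume can reach that device unencrypted.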

