how to intercept system calls
rajesh0541 at gmail.com
Wed Jul 10 13:28:05 EDT 2013
you may want to try encrypting/decrypting in mpage_writepage/mpage_readpage
and maintaining keys in inode/as extended attributes.
On Wed, Jul 10, 2013 at 10:39 PM, <Valdis.Kletnieks at vt.edu> wrote:
> On Wed, 10 Jul 2013 21:32:22 +0800, <wuyaalan at gmail.com> said:
> > I wanna encrpto some data in kernel, and these encrypto data storage
> > on disk .i should decrypt data before system call trasmit to user mode.
> > then what should i do ? how to get encrypt data ?
> > I wanna intercept write function(kernel), when this function got
> > encrypt data i will decrypt.
> This will probably not end well, as crypto is a lot harder to get right
> it looks.
> What threat model are you trying to defend against with the encrypted data?
> What data are you encrypting, and who are you trying to keep it away from?
> The biggest problem is the secure storage and management of crypto keys.
> You're almost certainly better off using the in-kernel keyring code instead
> of trying to do this yourself. Also see the various TPM support code.
> And it's possible that what you *really* wanted to use is the userspace
> cryptLUKS code or TrueCrypt or similar - it's hard to tell what you're
> trying to do.
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Kernelnewbies