Comment 30 for bug 1205397

On 12/1/2017 10:39 AM, Mathieu Trudel-Lapierre wrote:
> So; for zram, I think the solution will be "involved". Not overly
> complex, but I think it needs a small rework of seeds. zram is
> compressed, not encrypted. It would be downright wrong to ignore zram
> devices when checking that swap is safe when dealing with encrypted

No, it wouldn't. This is exactly the solution that is needed.

> disks. One option is to allow users to decide whether it's fine, but
> that seems like pointing them in a direction that might not be in their
> best interest -- it's not obvious enough this way that we look whether
> swap is safe for a good reason: if you keep unencrypted swap enabled,
> you still have unencrypted data in memory that may contain the data
> you're trying to secure with disk encryption.

Data in ram is *always* unencrypted. You encrypt the disk to make sure
it is encrypted while it is on the disk. If someone has access to your
ram then they can grab the decrypted data out of the page cache ( or
better yet, grab the decryption key and then read whatever they want off
the disk ). The only thing that zswap does is compress what is already
in ram anyway, and is thus already vulnerable to such attacks without zswap.