[PATCHv2 0/4] perf/core: Add support to exclude kernel mode PMU tracing
Andi Kleen
ak at linux.intel.com
Thu Mar 4 19:59:05 GMT 2021
Sai Prakash Ranjan <saiprakash.ranjan at codeaurora.org> writes:
>
> "Consider a system where disk contents are encrypted and the encryption
> key is set up by the user when mounting the file system. From that point
> on the encryption key resides in the kernel. It seems reasonable to
> expect that the disk encryption key be protected from exfiltration even
> if the system later suffers a root compromise (or even against insiders
> that have root access), at least as long as the attacker doesn't
> manage to compromise the kernel."
Normally disk encryption is in specialized work queues. It's total
overkill to restrict all of the kernel if you just want to restrict
those work queues.
I would suggest some more analysis where secrets are actually stored
and handled first.
-Andi
More information about the linux-arm-kernel
mailing list