Secret Memory Areas For Linux Might Finally Be Ready With memfd_secret
Written by Michael Larabel in Linux Security on 13 April 2021 at 03:00 AM EDT. 15 Comments
LINUX SECURITY --
In development for more than one year has been the ability to create secret memory areas on Linux that would be visible only to the owning process and is not mapped for other processes or the kernel page tables. That "memfd_secret" system call has finally materialized in Linux-Next and looking like it could be ready for mainline.

The memfd_secret system call is the new interface for creating secret memory areas on Linux for use-cases like OpenSSL in user-space for storing private keys and reducing the chances they are potentially exposed while in system memory and not backed by any other hardware encryption methods.

But in ensuring this memfd_secret functionality isn't abused, this ability to create secret memory areas on the system is disabled by default unless a special option is passed at boot time. The secret memory functionality and memfd_secret system call are hidden behind the "secretmem_enable" option, at least for the time being.

What's new to report on memfd_secret now is that the system call has worked its way into linux-next.git on Monday by way of Andrew Morton's code. Given that, it's possible we might see this new secret memory area system call introduced as part of the upcoming Linux 5.13 cycle but at the very least this feature is moving along and closer to mainline.

More details on the system call and the "secret" memory areas can be found via this patch message.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week