Difference between revisions of "Pram Fs"

From eLinux.org
Jump to: navigation, search
m (Bot (Edward's framework))
 
(Patch: fix link to recent patch submission)
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
 
 
== Introduction ==
 
== Introduction ==
 
This page describes the Protectec RAM File System (PRAM FS) feature.
 
This page describes the Protectec RAM File System (PRAM FS) feature.
Line 35: Line 33:
  
 
=== Patch ===
 
=== Patch ===
- [Patch for CELF version XXXXXX is *here*]
+
* See [http://tree.celinuxforum.org/pipermail/celinux-dev/2004-September/000197.html celinux-dev archive message 197] for a submission to CELF in 2004)
- [Patch for 2.4.xx is *here*]
+
* Patches for 2.6.30 were posted to lkml in June 2009 - see http://lkml.org/lkml/2009/6/13/86
- Patch for 2.6.7 is pending... (see [http://tree.celinuxforum.org/pipermail/celinux-dev/2004-September/000197.html celinux-dev archive message 197] for a recent submission to forum)
+
  
 
=== Utility programs ===
 
=== Utility programs ===
Line 55: Line 52:
  
 
== Sample Results ==
 
== Sample Results ==
[Examples of use with measurement of the effects.]
+
Here there are some benchmark results made with bonnie++. The board used was an Atmel ngw100 (avr32 architecture) with ap7000 processor and 32MB of SDRAM.
 +
 
 +
*(2.1 KB) [[Media:benchmark_bonnie--_pramfs_noxip.txt|Without XIP]]
 +
*(2.1 KB) [[Media:benchmark_bonnie--_pramfs_xip.txt|With XIP]]
  
 
== Future Work ==
 
== Future Work ==
 
Here is a list of things that could be worked on for this feature:
 
Here is a list of things that could be worked on for this feature:
 
  -
 
  -
 +
 +
[[Category:File Systems| ]]

Revision as of 17:05, 15 June 2009

Introduction

This page describes the Protectec RAM File System (PRAM FS) feature.

PRAM FS is a file system that enhances the security of system data in the presence of kernel bugs or rogue programs.

The protected RAM file system will ordinarily remain consistent even if kernel data pointers are corrupted, or if the kernel starts executing unexpectedly in the wrong location. This is accomplished by making the RAM pages used by PRAM FS non-writable except during the actual file operations themselves.

Rationale

A single bug in the Linux kernel may cause catastrophic damage to a system. If a product holds irreproducible security keys, financial data, or account information, then loss of such data could render the product unusable, or worse. The customer could suffer financial or legal harm (from account theft or identity theft).

It is not possible to guarantee with certainty that there are no bugs in the Linux kernel. However, it is possible to decrease the probability that a bug in the kernel will cause damage to a particular area of memory or storage. This protected area can then be used, with greater confidence, to hold sensitive user or product data.

References

The home page for the PRAMFS project is at: http://pramfs.sourceforge.net/

That site contains a LOT of detailed technical information and more explanation of the rationale for this feature.

Downloads

Patch

Utility programs

Pram fs can be created and populated using normal Linux filesystem utilities.

How To Use

See the file Documentation/filesystems/pramfs.txt for instructions on its use (once the patch is applied).

Status

Pramfs was submitted for consideration for inclusion in the 2.6.4 kernel, in March 2004. There was a thread of discussion here

There were a few, easily answered, concerns raised. But the patch was not accepted into mainstream.

I talked to Andrew Morton about this in April, 2004, and he said the threshold is high for getting a new filesystem into the mainline kernel, because each filesystem adds incremental, ongoing, source maintenance overhead.

Sample Results

Here there are some benchmark results made with bonnie++. The board used was an Atmel ngw100 (avr32 architecture) with ap7000 processor and 32MB of SDRAM.

Future Work

Here is a list of things that could be worked on for this feature:

-