Secure variables protected by Linux kernel












7















Is there a possibility to place variables under the custody of the Linux kernel?



E.g. counters that may only be incremented, variables that can be written to but only read after authentication.



Ideally with persistency after reboot and unalterable between boots.



I could think of a kernel module that allows access to the variables via /proc filesystem and storing the values in the kernel keyring.



However I could not find a solution for this.



Usecase would be e.g. software eFuses https://en.wikipedia.org/wiki/EFUSE and the ability to securely store variables from user space.










share|improve this question















migrated from serverfault.com Jul 24 '17 at 15:38


This question came from our site for system and network administrators.














  • 1





    See if man keyrings (and SEE ALSOs) can answer some of your needs.

    – Stéphane Chazelas
    Jul 24 '17 at 16:07













  • Can you give a sample use case?

    – sdkks
    Jul 25 '17 at 1:25











  • A sample usecase would be an invalid password retry counter or a write only variable e.g. enter a password that can be used by an application but cannot be read back by a regular user or only after authentication.

    – Reiner Rottmann
    Jul 25 '17 at 16:22











  • I found keyrings with the keyctl utility to be a very good solution. Thanks for pointing that out! @StéphaneChazelas

    – Reiner Rottmann
    Aug 20 '17 at 11:18


















7















Is there a possibility to place variables under the custody of the Linux kernel?



E.g. counters that may only be incremented, variables that can be written to but only read after authentication.



Ideally with persistency after reboot and unalterable between boots.



I could think of a kernel module that allows access to the variables via /proc filesystem and storing the values in the kernel keyring.



However I could not find a solution for this.



Usecase would be e.g. software eFuses https://en.wikipedia.org/wiki/EFUSE and the ability to securely store variables from user space.










share|improve this question















migrated from serverfault.com Jul 24 '17 at 15:38


This question came from our site for system and network administrators.














  • 1





    See if man keyrings (and SEE ALSOs) can answer some of your needs.

    – Stéphane Chazelas
    Jul 24 '17 at 16:07













  • Can you give a sample use case?

    – sdkks
    Jul 25 '17 at 1:25











  • A sample usecase would be an invalid password retry counter or a write only variable e.g. enter a password that can be used by an application but cannot be read back by a regular user or only after authentication.

    – Reiner Rottmann
    Jul 25 '17 at 16:22











  • I found keyrings with the keyctl utility to be a very good solution. Thanks for pointing that out! @StéphaneChazelas

    – Reiner Rottmann
    Aug 20 '17 at 11:18
















7












7








7


1






Is there a possibility to place variables under the custody of the Linux kernel?



E.g. counters that may only be incremented, variables that can be written to but only read after authentication.



Ideally with persistency after reboot and unalterable between boots.



I could think of a kernel module that allows access to the variables via /proc filesystem and storing the values in the kernel keyring.



However I could not find a solution for this.



Usecase would be e.g. software eFuses https://en.wikipedia.org/wiki/EFUSE and the ability to securely store variables from user space.










share|improve this question
















Is there a possibility to place variables under the custody of the Linux kernel?



E.g. counters that may only be incremented, variables that can be written to but only read after authentication.



Ideally with persistency after reboot and unalterable between boots.



I could think of a kernel module that allows access to the variables via /proc filesystem and storing the values in the kernel keyring.



However I could not find a solution for this.



Usecase would be e.g. software eFuses https://en.wikipedia.org/wiki/EFUSE and the ability to securely store variables from user space.







linux security linux-kernel






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 12 '18 at 10:50









Rui F Ribeiro

41.6k1483141




41.6k1483141










asked Jul 24 '17 at 15:16









Reiner RottmannReiner Rottmann

1363




1363




migrated from serverfault.com Jul 24 '17 at 15:38


This question came from our site for system and network administrators.









migrated from serverfault.com Jul 24 '17 at 15:38


This question came from our site for system and network administrators.










  • 1





    See if man keyrings (and SEE ALSOs) can answer some of your needs.

    – Stéphane Chazelas
    Jul 24 '17 at 16:07













  • Can you give a sample use case?

    – sdkks
    Jul 25 '17 at 1:25











  • A sample usecase would be an invalid password retry counter or a write only variable e.g. enter a password that can be used by an application but cannot be read back by a regular user or only after authentication.

    – Reiner Rottmann
    Jul 25 '17 at 16:22











  • I found keyrings with the keyctl utility to be a very good solution. Thanks for pointing that out! @StéphaneChazelas

    – Reiner Rottmann
    Aug 20 '17 at 11:18
















  • 1





    See if man keyrings (and SEE ALSOs) can answer some of your needs.

    – Stéphane Chazelas
    Jul 24 '17 at 16:07













  • Can you give a sample use case?

    – sdkks
    Jul 25 '17 at 1:25











  • A sample usecase would be an invalid password retry counter or a write only variable e.g. enter a password that can be used by an application but cannot be read back by a regular user or only after authentication.

    – Reiner Rottmann
    Jul 25 '17 at 16:22











  • I found keyrings with the keyctl utility to be a very good solution. Thanks for pointing that out! @StéphaneChazelas

    – Reiner Rottmann
    Aug 20 '17 at 11:18










1




1





See if man keyrings (and SEE ALSOs) can answer some of your needs.

– Stéphane Chazelas
Jul 24 '17 at 16:07







See if man keyrings (and SEE ALSOs) can answer some of your needs.

– Stéphane Chazelas
Jul 24 '17 at 16:07















Can you give a sample use case?

– sdkks
Jul 25 '17 at 1:25





Can you give a sample use case?

– sdkks
Jul 25 '17 at 1:25













A sample usecase would be an invalid password retry counter or a write only variable e.g. enter a password that can be used by an application but cannot be read back by a regular user or only after authentication.

– Reiner Rottmann
Jul 25 '17 at 16:22





A sample usecase would be an invalid password retry counter or a write only variable e.g. enter a password that can be used by an application but cannot be read back by a regular user or only after authentication.

– Reiner Rottmann
Jul 25 '17 at 16:22













I found keyrings with the keyctl utility to be a very good solution. Thanks for pointing that out! @StéphaneChazelas

– Reiner Rottmann
Aug 20 '17 at 11:18







I found keyrings with the keyctl utility to be a very good solution. Thanks for pointing that out! @StéphaneChazelas

– Reiner Rottmann
Aug 20 '17 at 11:18












3 Answers
3






active

oldest

votes


















3














You have got Redis for storing data structures and getting them after reboot, as the service saves the cache when going down.



https://redis.io



Redis does not use proc, runs at user land level, and you talk with it by default at 6379/TCP.



There are also APIs/extensions for a few languages, including python and PHP.



You can do also some diagnostics, and send some commands by telneting to it/wget/curl.



It can be password protected.



to install it on Debian



sudo apt-get install redis-server


.




Redis is an open source (BSD licensed), in-memory data structure
store, used as a database, cache and message broker. It supports data
structures such as strings, hashes, lists, sets, sorted sets with
range queries, bitmaps, hyperloglogs and geospatial indexes with
radius queries. Redis has built-in replication, Lua scripting, LRU
eviction, transactions and different levels of on-disk persistence...




From this Redis Quick Guide




Redis is an open source, advanced key-value store and an apt solution
for building highperformance, scalable web applications.



Redis has three main peculiarities that sets it apart.



Redis holds its database entirely in the memory, using the disk only
for persistence.



Redis has a relatively rich set of data types when compared to many
key-value data stores.



Redis can replicate data to any number of slaves.







share|improve this answer


























  • Whilst redis can indeed be used as a type database, there is not much to it that lends itself to a secure solution as per the OP's requirements...

    – Pedro
    Mar 1 '18 at 8:23











  • @Pedro It is indeed a type database ; however it is not clear wether the requirements of the OP are realistic, and thus the answer as it is as redis being a suggestion for a persistent DB from a application usage point of view.Lastly, a couple of points. The infra-structure is just a secure as you design it, the fs, connecting between the frontend and backend can be encrypted either with IPsec or a SSL proxy, and you are not even obliged to place things in clear text in the redis database. big organisations are using redis. At the end of the day it also depends on how big is the data, et al.

    – Rui F Ribeiro
    Mar 1 '18 at 9:26













  • understood. my reading of the question suggested a security focused solution, hence my attempt to respond. also the implicit direction of 'held by the kernel, therefore secure' is a misconception that I wanted to clear. no intention to step on your toes, just thought I could contribute further. however, and for the sake of openness, I originally voted down your answer since your suggestion of using redis would be as good as sqlite or text files. I did not see how it fit the security aspect of the question.

    – Pedro
    Mar 1 '18 at 21:11



















0














Attending to your original question and subsequent comments, the answer is no.




Is there a possibility to place variables under the custody of the Linux kernel?



Ideally with persistency after reboot and unalterable between boots.



I could think of a kernel module that allows access to the variables via /proc filesystem and storing the values in the kernel keyring.




If you are looking for a way to store data securely, then you need a database of some kind and the means to ensure integrity of the data stored - which usually involves cryptography. This in itself creates several problems that need to be addressed carefully, such as key management, storage encryption, etc.



The kernel offers very few options for persistent data storage. There's keyring as mentioned which might help, but its purpose is slightly different. I have never studied the security of this kind of subsystem, so I would not be able to comment about its strength for your use case.






share|improve this answer
























  • IMO the problem is actually not having persistency.

    – Rui F Ribeiro
    Mar 1 '18 at 9:27



















0














You have Redis for putting away information structures and getting them after reboot, as the administration spares the store while going down. Just go to the below link is helpful for you.



https://hackr.io/tutorials/learn-redis






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f381462%2fsecure-variables-protected-by-linux-kernel%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    3














    You have got Redis for storing data structures and getting them after reboot, as the service saves the cache when going down.



    https://redis.io



    Redis does not use proc, runs at user land level, and you talk with it by default at 6379/TCP.



    There are also APIs/extensions for a few languages, including python and PHP.



    You can do also some diagnostics, and send some commands by telneting to it/wget/curl.



    It can be password protected.



    to install it on Debian



    sudo apt-get install redis-server


    .




    Redis is an open source (BSD licensed), in-memory data structure
    store, used as a database, cache and message broker. It supports data
    structures such as strings, hashes, lists, sets, sorted sets with
    range queries, bitmaps, hyperloglogs and geospatial indexes with
    radius queries. Redis has built-in replication, Lua scripting, LRU
    eviction, transactions and different levels of on-disk persistence...




    From this Redis Quick Guide




    Redis is an open source, advanced key-value store and an apt solution
    for building highperformance, scalable web applications.



    Redis has three main peculiarities that sets it apart.



    Redis holds its database entirely in the memory, using the disk only
    for persistence.



    Redis has a relatively rich set of data types when compared to many
    key-value data stores.



    Redis can replicate data to any number of slaves.







    share|improve this answer


























    • Whilst redis can indeed be used as a type database, there is not much to it that lends itself to a secure solution as per the OP's requirements...

      – Pedro
      Mar 1 '18 at 8:23











    • @Pedro It is indeed a type database ; however it is not clear wether the requirements of the OP are realistic, and thus the answer as it is as redis being a suggestion for a persistent DB from a application usage point of view.Lastly, a couple of points. The infra-structure is just a secure as you design it, the fs, connecting between the frontend and backend can be encrypted either with IPsec or a SSL proxy, and you are not even obliged to place things in clear text in the redis database. big organisations are using redis. At the end of the day it also depends on how big is the data, et al.

      – Rui F Ribeiro
      Mar 1 '18 at 9:26













    • understood. my reading of the question suggested a security focused solution, hence my attempt to respond. also the implicit direction of 'held by the kernel, therefore secure' is a misconception that I wanted to clear. no intention to step on your toes, just thought I could contribute further. however, and for the sake of openness, I originally voted down your answer since your suggestion of using redis would be as good as sqlite or text files. I did not see how it fit the security aspect of the question.

      – Pedro
      Mar 1 '18 at 21:11
















    3














    You have got Redis for storing data structures and getting them after reboot, as the service saves the cache when going down.



    https://redis.io



    Redis does not use proc, runs at user land level, and you talk with it by default at 6379/TCP.



    There are also APIs/extensions for a few languages, including python and PHP.



    You can do also some diagnostics, and send some commands by telneting to it/wget/curl.



    It can be password protected.



    to install it on Debian



    sudo apt-get install redis-server


    .




    Redis is an open source (BSD licensed), in-memory data structure
    store, used as a database, cache and message broker. It supports data
    structures such as strings, hashes, lists, sets, sorted sets with
    range queries, bitmaps, hyperloglogs and geospatial indexes with
    radius queries. Redis has built-in replication, Lua scripting, LRU
    eviction, transactions and different levels of on-disk persistence...




    From this Redis Quick Guide




    Redis is an open source, advanced key-value store and an apt solution
    for building highperformance, scalable web applications.



    Redis has three main peculiarities that sets it apart.



    Redis holds its database entirely in the memory, using the disk only
    for persistence.



    Redis has a relatively rich set of data types when compared to many
    key-value data stores.



    Redis can replicate data to any number of slaves.







    share|improve this answer


























    • Whilst redis can indeed be used as a type database, there is not much to it that lends itself to a secure solution as per the OP's requirements...

      – Pedro
      Mar 1 '18 at 8:23











    • @Pedro It is indeed a type database ; however it is not clear wether the requirements of the OP are realistic, and thus the answer as it is as redis being a suggestion for a persistent DB from a application usage point of view.Lastly, a couple of points. The infra-structure is just a secure as you design it, the fs, connecting between the frontend and backend can be encrypted either with IPsec or a SSL proxy, and you are not even obliged to place things in clear text in the redis database. big organisations are using redis. At the end of the day it also depends on how big is the data, et al.

      – Rui F Ribeiro
      Mar 1 '18 at 9:26













    • understood. my reading of the question suggested a security focused solution, hence my attempt to respond. also the implicit direction of 'held by the kernel, therefore secure' is a misconception that I wanted to clear. no intention to step on your toes, just thought I could contribute further. however, and for the sake of openness, I originally voted down your answer since your suggestion of using redis would be as good as sqlite or text files. I did not see how it fit the security aspect of the question.

      – Pedro
      Mar 1 '18 at 21:11














    3












    3








    3







    You have got Redis for storing data structures and getting them after reboot, as the service saves the cache when going down.



    https://redis.io



    Redis does not use proc, runs at user land level, and you talk with it by default at 6379/TCP.



    There are also APIs/extensions for a few languages, including python and PHP.



    You can do also some diagnostics, and send some commands by telneting to it/wget/curl.



    It can be password protected.



    to install it on Debian



    sudo apt-get install redis-server


    .




    Redis is an open source (BSD licensed), in-memory data structure
    store, used as a database, cache and message broker. It supports data
    structures such as strings, hashes, lists, sets, sorted sets with
    range queries, bitmaps, hyperloglogs and geospatial indexes with
    radius queries. Redis has built-in replication, Lua scripting, LRU
    eviction, transactions and different levels of on-disk persistence...




    From this Redis Quick Guide




    Redis is an open source, advanced key-value store and an apt solution
    for building highperformance, scalable web applications.



    Redis has three main peculiarities that sets it apart.



    Redis holds its database entirely in the memory, using the disk only
    for persistence.



    Redis has a relatively rich set of data types when compared to many
    key-value data stores.



    Redis can replicate data to any number of slaves.







    share|improve this answer















    You have got Redis for storing data structures and getting them after reboot, as the service saves the cache when going down.



    https://redis.io



    Redis does not use proc, runs at user land level, and you talk with it by default at 6379/TCP.



    There are also APIs/extensions for a few languages, including python and PHP.



    You can do also some diagnostics, and send some commands by telneting to it/wget/curl.



    It can be password protected.



    to install it on Debian



    sudo apt-get install redis-server


    .




    Redis is an open source (BSD licensed), in-memory data structure
    store, used as a database, cache and message broker. It supports data
    structures such as strings, hashes, lists, sets, sorted sets with
    range queries, bitmaps, hyperloglogs and geospatial indexes with
    radius queries. Redis has built-in replication, Lua scripting, LRU
    eviction, transactions and different levels of on-disk persistence...




    From this Redis Quick Guide




    Redis is an open source, advanced key-value store and an apt solution
    for building highperformance, scalable web applications.



    Redis has three main peculiarities that sets it apart.



    Redis holds its database entirely in the memory, using the disk only
    for persistence.



    Redis has a relatively rich set of data types when compared to many
    key-value data stores.



    Redis can replicate data to any number of slaves.








    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Mar 1 '18 at 21:39

























    answered Jul 24 '17 at 15:42









    Rui F RibeiroRui F Ribeiro

    41.6k1483141




    41.6k1483141













    • Whilst redis can indeed be used as a type database, there is not much to it that lends itself to a secure solution as per the OP's requirements...

      – Pedro
      Mar 1 '18 at 8:23











    • @Pedro It is indeed a type database ; however it is not clear wether the requirements of the OP are realistic, and thus the answer as it is as redis being a suggestion for a persistent DB from a application usage point of view.Lastly, a couple of points. The infra-structure is just a secure as you design it, the fs, connecting between the frontend and backend can be encrypted either with IPsec or a SSL proxy, and you are not even obliged to place things in clear text in the redis database. big organisations are using redis. At the end of the day it also depends on how big is the data, et al.

      – Rui F Ribeiro
      Mar 1 '18 at 9:26













    • understood. my reading of the question suggested a security focused solution, hence my attempt to respond. also the implicit direction of 'held by the kernel, therefore secure' is a misconception that I wanted to clear. no intention to step on your toes, just thought I could contribute further. however, and for the sake of openness, I originally voted down your answer since your suggestion of using redis would be as good as sqlite or text files. I did not see how it fit the security aspect of the question.

      – Pedro
      Mar 1 '18 at 21:11



















    • Whilst redis can indeed be used as a type database, there is not much to it that lends itself to a secure solution as per the OP's requirements...

      – Pedro
      Mar 1 '18 at 8:23











    • @Pedro It is indeed a type database ; however it is not clear wether the requirements of the OP are realistic, and thus the answer as it is as redis being a suggestion for a persistent DB from a application usage point of view.Lastly, a couple of points. The infra-structure is just a secure as you design it, the fs, connecting between the frontend and backend can be encrypted either with IPsec or a SSL proxy, and you are not even obliged to place things in clear text in the redis database. big organisations are using redis. At the end of the day it also depends on how big is the data, et al.

      – Rui F Ribeiro
      Mar 1 '18 at 9:26













    • understood. my reading of the question suggested a security focused solution, hence my attempt to respond. also the implicit direction of 'held by the kernel, therefore secure' is a misconception that I wanted to clear. no intention to step on your toes, just thought I could contribute further. however, and for the sake of openness, I originally voted down your answer since your suggestion of using redis would be as good as sqlite or text files. I did not see how it fit the security aspect of the question.

      – Pedro
      Mar 1 '18 at 21:11

















    Whilst redis can indeed be used as a type database, there is not much to it that lends itself to a secure solution as per the OP's requirements...

    – Pedro
    Mar 1 '18 at 8:23





    Whilst redis can indeed be used as a type database, there is not much to it that lends itself to a secure solution as per the OP's requirements...

    – Pedro
    Mar 1 '18 at 8:23













    @Pedro It is indeed a type database ; however it is not clear wether the requirements of the OP are realistic, and thus the answer as it is as redis being a suggestion for a persistent DB from a application usage point of view.Lastly, a couple of points. The infra-structure is just a secure as you design it, the fs, connecting between the frontend and backend can be encrypted either with IPsec or a SSL proxy, and you are not even obliged to place things in clear text in the redis database. big organisations are using redis. At the end of the day it also depends on how big is the data, et al.

    – Rui F Ribeiro
    Mar 1 '18 at 9:26







    @Pedro It is indeed a type database ; however it is not clear wether the requirements of the OP are realistic, and thus the answer as it is as redis being a suggestion for a persistent DB from a application usage point of view.Lastly, a couple of points. The infra-structure is just a secure as you design it, the fs, connecting between the frontend and backend can be encrypted either with IPsec or a SSL proxy, and you are not even obliged to place things in clear text in the redis database. big organisations are using redis. At the end of the day it also depends on how big is the data, et al.

    – Rui F Ribeiro
    Mar 1 '18 at 9:26















    understood. my reading of the question suggested a security focused solution, hence my attempt to respond. also the implicit direction of 'held by the kernel, therefore secure' is a misconception that I wanted to clear. no intention to step on your toes, just thought I could contribute further. however, and for the sake of openness, I originally voted down your answer since your suggestion of using redis would be as good as sqlite or text files. I did not see how it fit the security aspect of the question.

    – Pedro
    Mar 1 '18 at 21:11





    understood. my reading of the question suggested a security focused solution, hence my attempt to respond. also the implicit direction of 'held by the kernel, therefore secure' is a misconception that I wanted to clear. no intention to step on your toes, just thought I could contribute further. however, and for the sake of openness, I originally voted down your answer since your suggestion of using redis would be as good as sqlite or text files. I did not see how it fit the security aspect of the question.

    – Pedro
    Mar 1 '18 at 21:11













    0














    Attending to your original question and subsequent comments, the answer is no.




    Is there a possibility to place variables under the custody of the Linux kernel?



    Ideally with persistency after reboot and unalterable between boots.



    I could think of a kernel module that allows access to the variables via /proc filesystem and storing the values in the kernel keyring.




    If you are looking for a way to store data securely, then you need a database of some kind and the means to ensure integrity of the data stored - which usually involves cryptography. This in itself creates several problems that need to be addressed carefully, such as key management, storage encryption, etc.



    The kernel offers very few options for persistent data storage. There's keyring as mentioned which might help, but its purpose is slightly different. I have never studied the security of this kind of subsystem, so I would not be able to comment about its strength for your use case.






    share|improve this answer
























    • IMO the problem is actually not having persistency.

      – Rui F Ribeiro
      Mar 1 '18 at 9:27
















    0














    Attending to your original question and subsequent comments, the answer is no.




    Is there a possibility to place variables under the custody of the Linux kernel?



    Ideally with persistency after reboot and unalterable between boots.



    I could think of a kernel module that allows access to the variables via /proc filesystem and storing the values in the kernel keyring.




    If you are looking for a way to store data securely, then you need a database of some kind and the means to ensure integrity of the data stored - which usually involves cryptography. This in itself creates several problems that need to be addressed carefully, such as key management, storage encryption, etc.



    The kernel offers very few options for persistent data storage. There's keyring as mentioned which might help, but its purpose is slightly different. I have never studied the security of this kind of subsystem, so I would not be able to comment about its strength for your use case.






    share|improve this answer
























    • IMO the problem is actually not having persistency.

      – Rui F Ribeiro
      Mar 1 '18 at 9:27














    0












    0








    0







    Attending to your original question and subsequent comments, the answer is no.




    Is there a possibility to place variables under the custody of the Linux kernel?



    Ideally with persistency after reboot and unalterable between boots.



    I could think of a kernel module that allows access to the variables via /proc filesystem and storing the values in the kernel keyring.




    If you are looking for a way to store data securely, then you need a database of some kind and the means to ensure integrity of the data stored - which usually involves cryptography. This in itself creates several problems that need to be addressed carefully, such as key management, storage encryption, etc.



    The kernel offers very few options for persistent data storage. There's keyring as mentioned which might help, but its purpose is slightly different. I have never studied the security of this kind of subsystem, so I would not be able to comment about its strength for your use case.






    share|improve this answer













    Attending to your original question and subsequent comments, the answer is no.




    Is there a possibility to place variables under the custody of the Linux kernel?



    Ideally with persistency after reboot and unalterable between boots.



    I could think of a kernel module that allows access to the variables via /proc filesystem and storing the values in the kernel keyring.




    If you are looking for a way to store data securely, then you need a database of some kind and the means to ensure integrity of the data stored - which usually involves cryptography. This in itself creates several problems that need to be addressed carefully, such as key management, storage encryption, etc.



    The kernel offers very few options for persistent data storage. There's keyring as mentioned which might help, but its purpose is slightly different. I have never studied the security of this kind of subsystem, so I would not be able to comment about its strength for your use case.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Mar 1 '18 at 8:21









    PedroPedro

    65739




    65739













    • IMO the problem is actually not having persistency.

      – Rui F Ribeiro
      Mar 1 '18 at 9:27



















    • IMO the problem is actually not having persistency.

      – Rui F Ribeiro
      Mar 1 '18 at 9:27

















    IMO the problem is actually not having persistency.

    – Rui F Ribeiro
    Mar 1 '18 at 9:27





    IMO the problem is actually not having persistency.

    – Rui F Ribeiro
    Mar 1 '18 at 9:27











    0














    You have Redis for putting away information structures and getting them after reboot, as the administration spares the store while going down. Just go to the below link is helpful for you.



    https://hackr.io/tutorials/learn-redis






    share|improve this answer




























      0














      You have Redis for putting away information structures and getting them after reboot, as the administration spares the store while going down. Just go to the below link is helpful for you.



      https://hackr.io/tutorials/learn-redis






      share|improve this answer


























        0












        0








        0







        You have Redis for putting away information structures and getting them after reboot, as the administration spares the store while going down. Just go to the below link is helpful for you.



        https://hackr.io/tutorials/learn-redis






        share|improve this answer













        You have Redis for putting away information structures and getting them after reboot, as the administration spares the store while going down. Just go to the below link is helpful for you.



        https://hackr.io/tutorials/learn-redis







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 28 at 7:28









        Ankit DixitAnkit Dixit

        1




        1






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f381462%2fsecure-variables-protected-by-linux-kernel%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            How to make a Squid Proxy server?

            Is this a new Fibonacci Identity?

            19世紀