1 .\" Copyright (c) 1980, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" From: @(#)swapon.8 8.1 (Berkeley) 6/5/93
36 .Nd "specify a device for crash dumps"
62 utility is used to configure where the kernel can save a crash dump in the case
65 System administrators should typically configure
67 in a persistent fashion using the
73 For more information on this usage, see
76 .Bl -tag -width _k_pubkey
78 Configure encrypted kernel dumps.
80 A random, one-time symmetric key is automatically generated for bulk kernel
81 dump encryption every time
86 is used to encrypt a copy of the symmetric key.
87 The encrypted dump contents consist of a standard dump header, the
88 pubkey-encrypted symmetric key contents, and the symmetric key encrypted core
91 As a result, only someone with the corresponding private key can decrypt the symmetric key.
92 The symmetric key is necessary to decrypt the kernel core.
93 The goal of the mechanism is to provide confidentiality.
97 file should be a PEM-formatted RSA key of at least 1024 bits.
99 List the currently configured dump device, or /dev/null if no device is
104 Enable compression (Zstandard).
106 Enable compression (gzip).
107 Only one compression method may be enabled at a time, so
112 Zstandard provides superior compression ratio and performance.
116 may also configure the kernel to dump to a remote
121 server is available in ports.)
123 eliminates the need to reserve space for crash dumps.
124 It is especially useful in diskless environments.
127 is used to configure netdump, the
131 parameter should specify a network interface (e.g.,
133 The specified NIC must be up (online) to configure netdump.
136 specific options include:
137 .Bl -tag -width _g_gateway
139 The local IP address of the
143 The first-hop router between
149 option is not specified and the system has a default route, the default
150 router is used as the
155 option is not specified and the system does not have a default route,
157 is assumed to be on the same link as
160 The IP address of the
165 All of these options can be specified in the
170 The default type of kernel crash dump is the mini crash dump.
171 Mini crash dumps hold only memory pages in use by the kernel.
172 Alternatively, full memory dumps can be enabled by setting the
177 For systems using full memory dumps, the size of the specified dump
178 device must be at least the size of physical memory.
179 Even though an additional 64 kB header is added to the dump, the BIOS for a
180 platform typically holds back some memory, so it is not usually
181 necessary to size the dump device larger than the actual amount of RAM
182 available in the machine.
183 Also, when using full memory dumps, the
185 utility will refuse to enable a dump device which is smaller than the
186 total amount of physical memory as reported by the
190 .Sh IMPLEMENTATION NOTES
191 Because the file system layer is already dead by the time a crash dump
192 is taken, it is not possible to send crash dumps directly to a file.
198 may be used to enable early kernel core dumps for system panics which occur
199 before userspace starts.
201 In order to generate an RSA private key, a user can use the
205 .Dl # openssl genrsa -out private.pem 4096
207 A public key can be extracted from the private key using the
211 .Dl # openssl rsa -in private.pem -out public.pem -pubout
213 Once the RSA keys are created in a safe place, the public key may be moved to
214 the untrusted netdump client machine.
219 to configure encrypted kernel crash dumps:
221 .Dl # dumpon -k public.pem /dev/ada0s1b
223 It is recommended to test if the kernel saves encrypted crash dumps using the
224 current configuration.
225 The easiest way to do that is to cause a kernel panic using the
229 .Dl # sysctl debug.kdb.panic=1
231 In the debugger the following commands should be typed to write a core dump and
234 .Dl db> call doadump(0)
239 should be able to save the core dump in the
245 .Dl # savecore /dev/ada0s1b
247 Three files should be created in the core directory:
251 .Pa vmcore_encrypted.#
254 is the number of the last core dump saved by
257 .Pa vmcore_encrypted.#
258 can be decrypted using the
262 .Dl # decryptcore -p private.pem -k key.# -e vmcore_encrypted.# -c vmcore.#
266 .Dl # decryptcore -p private.pem -n #
270 can be now examined using
273 .Dl # kgdb /boot/kernel/kernel vmcore.#
279 The core was decrypted properly if
281 does not print any errors.
282 Note that the live kernel might be at a different path
283 which can be examined by looking at the
308 Support for encrypted kernel core dumps and netdump was added in
313 manual page was written by
314 .An Mark Johnston Aq Mt markj@FreeBSD.org ,
315 .An Conrad Meyer Aq Mt cem@FreeBSD.org ,
316 .An Konrad Witaszczyk Aq Mt def@FreeBSD.org ,
317 and countless others.
319 To configure encrypted kernel core dumps, the running kernel must have been
324 Netdump does not automatically update the configured
326 if routing topology changes.
328 The size of a compressed dump or a minidump is not a fixed function of RAM
330 Therefore, when at least one of these options is enabled, the
332 utility cannot verify that the
334 has sufficient space for a dump.
336 is also unable to verify that a configured
338 server has sufficient space for a dump.
341 requires a kernel compiled with the
350 It is currently not possible to configure both compression and encryption.
351 The encrypted dump format assumes that the kernel dump size is a multiple
352 of the cipher block size, which may not be true when the dump is compressed.
354 Netdump only supports IPv4 at this time.
355 .Sh SECURITY CONSIDERATIONS
356 The current encrypted kernel core dump scheme does not provide integrity nor
358 That is, the recipient of an encrypted kernel core dump cannot know if they
359 received an intact core dump, nor can they verify the provenance of the dump.
361 RSA keys smaller than 1024 bits are practical to factor and therefore weak.
362 Even 1024 bit keys may not be large enough to ensure privacy for many
363 years, so NIST recommends a minimum of 2048 bit RSA keys.
366 prevents users from configuring encrypted kernel dumps with extremely weak RSA
368 If you do not care for cryptographic privacy guarantees, just use
374 This process is sandboxed using