Help needed for my on-demand ELF decryption

Submitted by kikanjuu
on November 10, 2007 - 7:41am

Hello, everyone:
I'm a fresh Linux kernel developer and am working on the following project:

An ELF application is encrypted and I want it to be decrypted when the encrypted executable data is loaded in by the page fault handler, so that it's decrypted page by page and becomes runnable in the process's user space.

I have already successfully implemented the on-demand decryption in do_no_page(), which will be invoked by the page fault handler when an encrypted page is loaded in. The system can now run an encrypted helloworld ELF program by decrypting it page by page in the page fault handler at run time.

However, the problem is that since the decryption is done directly on the memory-mapped file page in the page cache, after the program exits the decrypted page in the page cache is available to other programs that want to access the same ELF file, which is not secure. For example, suppose in the console:

> cp encrypted_helloworld encrypted_h
> ./encrypted_h
hello world!
> diff encrypted_helloworld encrypted_h
The two binaries differ.

The above is not what I want.
What I want is that after encrypted_h is executed, the file encrypted_h is the same as encrypted_helloworld! Here, diff obviously retrieves the decrypted data in the encrypted_h file (maybe through the page cache; is it flushed to disk here?), which is not secure.

However, if I reboot the whole system and again type:
> diff encrypted_helloworld encrypted_h
>
There's no difference now! Does it mean that the previous difference was caused by the page cache, which is not flushed to disk on rebooting the system?

How can I modify the Linux kernel so that even before rebooting the system, after "./encrypted_h", encrypted_h and encrypted_helloworld are the same for any user program that wants to access encrypted_h?

Yours sincerely,
Kikanjuu
2007-11-10
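Editor's note: the leak kikanjuu describes comes from decrypting the page-cache page itself. That page is shared by every reader of the file, so read(2) from cp or diff sees the plaintext; and because the page was never marked dirty, the kernel never writes it back, which is why the file reads as unchanged again after a reboot. The fix is to never touch the page-cache page: on the fault, allocate a private anonymous page for the process, copy the ciphertext into it, decrypt the copy and map that (the same shape the kernel's copy-on-write path uses for a write fault on a private file mapping). The program below is an added user-space model of both strategies, not kikanjuu's kernel code. The "disk", the "page cache" and the fault handler are plain arrays and functions, the cipher is a toy XOR stream with a made-up key, and the page contents are constructed sample data; all of that is assumed for illustration only.

```c
/*
 * Added example (not from the original post): a user-space model of
 * decrypting a file page on a page fault, either in place in the
 * shared page cache (leaks plaintext to other readers) or into a
 * private copy (page cache keeps the ciphertext).
 *
 * Assumptions: tiny pages, a toy XOR stream cipher with a constructed
 * key, and constructed plaintext pages. A real implementation would
 * use a real cipher and the kernel's own page allocator.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 64   /* small pages keep the model readable */
#define NPAGES    4

typedef struct { uint8_t data[PAGE_SIZE]; } page_t;

static page_t disk[NPAGES];        /* on-disk ciphertext of the file */
static page_t page_cache[NPAGES];  /* shared by every reader, diff(1) included */
static int    cached[NPAGES];      /* which pages the cache currently holds */

/* constructed demo key; symmetric toy stream cipher, NOT for real use */
static const uint8_t key[8] = { 0x5a, 0xc3, 0x17, 0x88, 0x2e, 0xf1, 0x64, 0x9b };

/* position-dependent keystream so two identical plaintext pages differ */
static void xor_crypt(uint8_t *buf, unsigned pno)
{
    for (size_t i = 0; i < PAGE_SIZE; i++)
        buf[i] ^= key[i % sizeof key] ^ (uint8_t)(pno * 31u + i);
}

/* constructed sample plaintext for page pno */
static void plaintext_for(unsigned pno, char *out)
{
    memset(out, 0, PAGE_SIZE);
    snprintf(out, PAGE_SIZE, "page %u: hello world!", pno);
}

/* fresh "reboot": empty page cache, disk holds ciphertext only */
static void reset_model(void)
{
    memset(page_cache, 0, sizeof page_cache);
    memset(cached, 0, sizeof cached);
    for (unsigned p = 0; p < NPAGES; p++) {
        plaintext_for(p, (char *)disk[p].data);
        xor_crypt(disk[p].data, p);
    }
}

/* read(2)-style access: fill the cache from disk on a miss */
static page_t *page_cache_lookup(unsigned pno)
{
    if (!cached[pno]) {
        page_cache[pno] = disk[pno];
        cached[pno] = 1;
    }
    return &page_cache[pno];
}

/* Strategy A (the post): decrypt the page-cache page in place and map
 * it. The plaintext now sits in the shared cache for everyone to read. */
page_t *fault_in_place(unsigned pno)
{
    page_t *pg = page_cache_lookup(pno);
    xor_crypt(pg->data, pno);
    return pg;
}

/* Strategy B: copy the ciphertext into a private (anonymous) page,
 * decrypt the copy and map that. The cache keeps the ciphertext. */
page_t *fault_private_copy(unsigned pno)
{
    page_t *priv = malloc(sizeof *priv);
    if (!priv)
        return NULL;
    *priv = *page_cache_lookup(pno);
    xor_crypt(priv->data, pno);
    return priv;
}

/* what diff(1) would see: does the cached file still equal the disk? */
int file_view_matches_disk(void)
{
    for (unsigned p = 0; p < NPAGES; p++)
        if (cached[p] && memcmp(page_cache[p].data, disk[p].data, PAGE_SIZE) != 0)
            return 0;
    return 1;
}

/* One run of the program: fault in every page, verify the process saw
 * plaintext, then "exit" (private pages are wiped and freed). Returns
 * 1 if other readers still see the file as stored, 0 if plaintext
 * leaked into the page cache, -1 if decryption itself failed. */
int run_process(page_t *(*fault)(unsigned), int private_pages)
{
    char expect[PAGE_SIZE];
    reset_model();
    for (unsigned p = 0; p < NPAGES; p++) {
        page_t *mapped = fault(p);
        if (!mapped)
            return -1;
        plaintext_for(p, expect);
        if (memcmp(mapped->data, expect, PAGE_SIZE) != 0)
            return -1;
        if (private_pages) {
            memset(mapped, 0, sizeof *mapped);  /* scrub before release */
            free(mapped);
        }
    }
    return file_view_matches_disk();
}

int main(void)
{
    printf("decrypt in place:     file unchanged for other readers? %s\n",
           run_process(fault_in_place, 0) == 1 ? "yes" : "no (plaintext leaked)");
    printf("decrypt private copy: file unchanged for other readers? %s\n",
           run_process(fault_private_copy, 1) == 1 ? "yes" : "no");
    return 0;
}
```

Two caveats that carry over to the kernel version. The private page has to be scrubbed and released when the mapping is torn down, or the plaintext simply moves from the page cache to freed memory. And this only closes the page-cache leak: anything that can read the process's memory (ptrace, /proc/PID/mem, a core dump, or the LD_PRELOAD trick the reply below mentions) still sees the decrypted pages once they are mapped.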

What is insecure?

Anonymous (not verified)
on November 11, 2007 - 1:58am

You can encrypt block devices with the device mapper. You can use a loopback encrypted file system.

I have no real idea if these help you because I do not know who you are trying to prevent from doing what. I assume you are trying to store a secret inside an executable that I can execute and that I do not have root. On the other hand, I can set LD_PRELOAD (see man ld.so). You could get around that by static linking, but I am sure there will be another hack available.

Tell us what you are trying to achieve and then we can tell you if all your hard work was a complete waste of time.
