From aa669c9d0bfa24f936eecc09c75ee2b9c2ab9c1d Mon Sep 17 00:00:00 2001 From: York Jasper Niebuhr Date: Sat, 30 Aug 2025 18:25:30 +0200 Subject: [PATCH] Moving darkrose to separate repository --- wirekits/darkrose/README.md | 0 wirekits/darkrose/main.cpp | 1 - wirekits/darkrose/plan.txt | 15 --------------- 3 files changed, 16 deletions(-) delete mode 100644 wirekits/darkrose/README.md delete mode 100644 wirekits/darkrose/main.cpp delete mode 100644 wirekits/darkrose/plan.txt diff --git a/wirekits/darkrose/README.md b/wirekits/darkrose/README.md deleted file mode 100644 index e69de29..0000000 diff --git a/wirekits/darkrose/main.cpp b/wirekits/darkrose/main.cpp deleted file mode 100644 index 8b13789..0000000 --- a/wirekits/darkrose/main.cpp +++ /dev/null @@ -1 +0,0 @@ - diff --git a/wirekits/darkrose/plan.txt b/wirekits/darkrose/plan.txt deleted file mode 100644 index afcd652..0000000 --- a/wirekits/darkrose/plan.txt +++ /dev/null @@ -1,15 +0,0 @@ -1. SecureFS class - 1.1. In-memory cache for file-to-block mappings and directory structures - 1.2. Callbacks for reading/writing blocks (including meta data) - 1.3. Data loss prevention (every block is backed up as .swap before overwritten) - 1.4. Block structure: 8B id (0 for fs root), IV, tag, timestamp, enc(next block), enc(data) -2. Data unlocking - 2.1. During wirekit_prepare, shell takes commands - 2.2. "attach " unlocks a darkrose directory - 2.3. "finish" actually starts program execution or the rewire shell -3. Tracee data access - 3.1. Create new user namespace (rewire process is root in there) - 3.2. Create new mount namespace in the new user namespace (additive, still has access to system-wide files) - 3.3. Mount ramfs in the new mount namespace (never swaps) - 3.4. On open/openat, create plaintext version of file in ramfs and let tracee open it - 3.5. On close, take plaintext data from ramfs and encrypt it via SecureFS
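Review bot: the commit message says darkrose is moving to a separate repository but does not name the destination, and with README.md empty and main.cpp holding a single blank line, plan.txt is the only deleted file that carries content. Name the new repository in the commit message so the design notes stay reachable from this history.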
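Review bot: in the plan.txt hunk, item 1.4 lists the 8B id and the timestamp outside the enc(...) fields without saying whether the tag covers them. When the plan is carried over, state that id and timestamp are authenticated together with the ciphertext, so that a block put in place of another, or an older copy of the same block, fails verification. Items 3.4 and 3.5 re-encrypt only on close, so the plan should also say what happens to the plaintext copy in ramfs when the tracee exits or is killed without closing the file, and item 1.3 should say when the .swap backup is removed. Item 2.2 reads "attach " with no argument, which looks like a placeholder that was lost from the text.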