YJN/rewire
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

Added darkrose plan

Browse Source
This commit is contained in:
York Jasper Niebuhr 2025-08-30 14:29:06 +02:00
parent 3f2f0966f1
commit d97c3b0625
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
wirekits/darkrose/plan.txt Normal file
View File

@ -0,0 +1,15 @@
1. SecureFS class
1.1. In-memory cache for file-to-block mappings and directory structures
1.2. Callbacks for reading/writing blocks (including meta data)
1.3. Data loss prevention (every block is backed up as .swap before overwritten)
1.4. Block structure: 8B id (0 for fs root), IV, tag, timestamp, enc(next block), enc(data)
2. Data unlocking
2.1. During wirekit_prepare, shell takes commands
2.2. "attach <directory>" unlocks a darkrose directory
2.3. "finish" actually starts program execution or the rewire shell
3. Tracee data access
3.1. Create new user namespace (rewire process is root in there)
3.2. Create new mount namespace in the new user namespace (additive, still has access to system-wide files)
3.3. Mount ramfs in the new mount namespace (never swaps)
3.4. On open/openat, create plaintext version of file in ramfs and let tracee open it
3.5. On close, take plaintext data from ramfs and encrypt it via SecureFS