Kernel crash dumps contain information about currently running processes. They can include sensitive data, for example passwords kept in memory by a browser when a kernel panic occurred. A person who can read data from a dump device or a crash directory can also extract these information from a core dump. In order to prevent this situation the core dump should be encrypted before it is stored on the dump device.

This project allows a kernel to encrypt a core dump during a panic. A user can configure the kernel and save the core dump after reboot using existing tools, i.e. dumpon(8) and savecore(8). A new tool decryptcore(8) was added to decrypt the core.

A patch review has been sent to the FreeBSD's Phabricator. The project is currently being changed due to the review comments and should be committed as soon as it is accepted. For more technical details please visit the freebsd-security mailing list or see the review.