Commit 6d8ebf2

committed
Generated from commit: 978bccc
Signed-off-by: genie-openj9 <[email protected]>
1 parent 5bb48a9 commit 6d8ebf2

4 files changed

+324
-318
lines changed

criusupport/index.html

Lines changed: 7 additions & 1 deletion
@@ -8690,7 +8690,13 @@ <h1 id="criu-support">CRIU support</h1>
86908690
<li>CRIU is supported only on Red Hat Universal Images (UBI) 8 and 9.</li>
86918691
</ul>
86928692
<p>In OpenJ9, the CRIU support includes an API that you can use to stop the VM at a checkpoint, save its state, and then run the VM from the point where it was stopped. The period of time between when the VM starts and when the application takes a checkpoint is referred to as the <em>checkpoint phase</em>. The application writes the VM state that was saved at the checkpoint to one or more image files. The saved state includes memory pages, methods, file systems, processes, and network connections. You can restore the VM from these files multiple times from the same point and in multiple environments.</p>
8693-
<p>Because the checkpoint image files have the live state of the VM that is used to restore the VM in different systems, they should not contain cryptographically-sensitive security data. If the image files contain sensitive security data, the security components are vulnerable to exploitation even if you don't move the image files between systems. The CRIU technical preview introduces the <code>CRIUSECProvider</code> security provider, which provides the following limited set of security services: <code>MessageDigest</code> and <code>SecureRandom</code>. When you enable CRIU support, all existing security providers are removed from the security provider list during the checkpoint phase, by default and <code>CRIUSECProvider</code> is added. When you restore the VM in the nonportable restore mode (<a href="../xxcriurestorenonportablemode/"><code>-XX:+CRIURestoreNonPortableMode</code></a>), <code>CRIUSECProvider</code> is removed from the security provider list and the previous security providers are added back again.</p>
8693+
<p>Because the checkpoint image files have the live state of the VM that is used to restore the VM in different systems, they should not contain cryptographically-sensitive security data. If the image files contain sensitive security data, the security components are vulnerable to exploitation even if you don't move the image files between systems. The CRIU technical preview introduces the <code>CRIUSECProvider</code> security provider, which provides the following limited set of security services:</p>
8694+
<ul>
8695+
<li><code>MessageDigest</code>: <code>MD5</code>, <code>SHA-1</code> and <code>SHA-256</code></li>
8696+
<li><code>SecureRandom</code></li>
8697+
<li><code>MAC: HmacSHA256</code></li>
8698+
</ul>
8699+
<p>When you enable CRIU support, all existing security providers are removed from the security provider list during the checkpoint phase, by default and <code>CRIUSECProvider</code> is added. When you restore the VM in the nonportable restore mode (<a href="../xxcriurestorenonportablemode/"><code>-XX:+CRIURestoreNonPortableMode</code></a>), <code>CRIUSECProvider</code> is removed from the security provider list and the previous security providers are added back again.</p>
86948700
<p><img alt="Start of content that applies to Java 11 (LTS) and later" src="../cr/java11plus.png" /> You can disable <code>CRIUSECProvider</code> during the checkpoint phase with the <code>-XX:-CRIUSecProvider</code> option. For more information, see <a href="../xxcriusecprovider/"><code>-XX:[+|-]CRIUSecProvider</code></a>. <img alt="End of content that applies to Java 11 (LTS) and later" src="../cr/java_close.png" /></p>
86958701
<p>When the VM starts from the saved point instead of the beginning, the VM startup time improves.</p>
86968702
<h2 id="enabling-criu-support">Enabling CRIU support</h2>
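
Review bot: The third added list item, `<li><code>MAC: HmacSHA256</code></li>`, wraps the service name and the algorithm in a single code element and spells the service `MAC`, while the first item separates them as `<code>MessageDigest</code>: <code>MD5</code>, ...`. The JCA service type is `Mac` (as in `javax.crypto.Mac`), so for consistency this should read `<li><code>Mac</code>: <code>HmacSHA256</code></li>`. In the paragraph re-added after the list, the comma in "during the checkpoint phase, by default and" is carried over misplaced from the removed line; "during the checkpoint phase by default, and <code>CRIUSECProvider</code> is added" reads correctly. Because the list now names `MD5` and `SHA-1` explicitly, a short sentence stating that they are available for compatibility and are not collision-resistant would keep readers from treating the list as a recommendation.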

search/search_index.json

Lines changed: 1 addition & 1 deletion
Large diffs are not rendered by default.
