> The following patches allow for encryption of the on-disk swsusp image > to prevent data gathering of e.g. in-kernel keys or mlocked data after > resume. > For this purpose the aes cipher must be compiled into the kernel as > module load is not possible at resume time. > A random key is generated at suspend time, stored in the suspend header > on disk and deleted from the header at resume time. If you don't resume > a mkswap on the suspend partition will also delete the temporary key. > Only the data pages are encrypted as only these may contain sensitive data. > This works on my x86_64 laptop (64bit mode) and probably needs testing > on other platforms. What about an option for an user-defined key? One that can be set when suspending? Folkert van Heusden Auto te koop! Zie: http://www.vanheusden.com/daihatsu.php Op zoek naar een IT of Finance baan? Mail me voor de mogelijkheden! +------------------------------------------------------------------+ |UNIX admin? Then give MultiTail (http://vanheusden.com/multitail/)| |a try, it brings monitoring logfiles to a different level! See | |http://vanheusden.com/multitail/features.html for a feature list. | +------------------------------------------= www.unixsoftware.nl =-+ Phone: +31-6-41278122, PGP-key: 1F28D8AE Get your PGP/GPG key signed at www.biglumber.com!
Attachment:
pgpJwD8m9IK6q.pgp
Description: PGP signature
- Follow-Ups:
- Re: [PATCH encrypted swsusp 0/3] encrypted swsusp image
- From: Pavel Machek <[email protected]>
- Re: [PATCH encrypted swsusp 0/3] encrypted swsusp image
- References:
- [PATCH encrypted swsusp 0/3] encrypted swsusp image
- From: Andreas Steinmetz <[email protected]>
- [PATCH encrypted swsusp 0/3] encrypted swsusp image
- Prev by Date: Re: bdflush/rpciod high CPU utilization, profile does not make sense
- Next by Date: Unable to boot 2.6.12-rc2-mm1 with command line maxcpus=1
- Previous by thread: [PATCH encrypted swsusp 0/3] encrypted swsusp image
- Next by thread: Re: [PATCH encrypted swsusp 0/3] encrypted swsusp image
- Index(es):
 |