Re: [PATCH encrypted swsusp 1/3] core functionality

Pavel Machek wrote:
> I'd like to retain ability to read suspend image in any order (so that
> code can be reused for swap encryption, etc).
> 								Pavel

This is not possible with cipher block chaining as used right now. One
would have to use a non-random IV that needs to be set for every page. And
this leads to exactly the same problem why dm-crypt now offers the
'essiv' mode. I don't know if a random access feature is worth this
effort as sequential disk access (sequential write, sequential read) is
usually the fastest method anyway.

For regular swap encryption I do hope that the initrd feature of swsusp2
will eventually find its way into the mainline kernel. This way you can
have an external key for dm-crypt to access the encrypted swap partition.

dm-crypt thus would guard the system during suspend/poweroff while the
encrypted suspend image guards against data gathering after
resume/reboot (the latter when mkswap is used).
-- 
Andreas Steinmetz                       SPAMmers use [email protected]
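
The per-page IV idea discussed in this message, as an added example that is not part of the original mail or of the patch: each page is CBC-encrypted on its own with an ESSIV-style IV (the page number encrypted under a hash of the key), so pages can be written and read in any order. The toy Feistel cipher is a stand-in for a real block cipher and is not secure; all function names are assumptions made for this sketch.

```python
import hashlib

BLOCK = 16  # cipher block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function built from SHA-256
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def enc_block(key, blk):
    """Toy 4-round Feistel cipher standing in for a real one (not secure)."""
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, data):  # data length must be a multiple of BLOCK
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(_xor(dec_block(key, c), prev))
        prev = c
    return b"".join(out)

def essiv(key, page_no):
    """ESSIV-style IV: the page number encrypted under a hash of the key."""
    salt = hashlib.sha256(key).digest()
    return enc_block(salt, page_no.to_bytes(BLOCK, "little"))

def write_page(key, page_no, plain):  # the chain restarts on every page
    return cbc_encrypt(key, essiv(key, page_no), plain)

def read_page(key, page_no, cipher):
    return cbc_decrypt(key, essiv(key, page_no), cipher)
```

With one CBC chain running across the whole image instead, changing a single page changes the ciphertext of every page written after it, which is what rules out in-place random writes.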