Re: [swsusp] encrypt suspend data for easy wiping

Pavel Machek <[email protected]> wrote:
>
> To prevent data gathering from swap after resume you can encrypt the
> suspend image with a temporary key that is deleted on resume. Note
> that the temporary key is stored unencrypted on disk while the system
> is suspended... still it means that saved data are wiped from disk
> during resume by simply overwriting the key.

hm, how useful is that?  swap can still contain sensitive userspace stuff.

Are there any plans to allow the user to type the key in on resume?

> +Encrypted suspend image:
> +------------------------
> +If you want to store your suspend image encrypted with a temporary
> +key to prevent data gathering after resume you must compile
> +crypto and the aes algorithm into the kernel - modules won't work
> +as they cannot be loaded at resume time.
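
Review bot: the documentation text should also state the limitation given in the patch description, that the temporary key is stored unencrypted on disk while the system is suspended. As written, "to prevent data gathering after resume" can be read as protecting the image during suspend as well; one sentence saying the image stays readable until resume overwrites the key would avoid that.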

Why not just `select' the needed symbols in Kconfig?  It makes
configuration much easier for the user.

> +	if(!*tfm) {
> +	if(sizeof(key) < crypto_tfm_alg_min_keysize(*tfm)) {
> +	if (mode) {
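
Review bot: in `if(sizeof(key) < crypto_tfm_alg_min_keysize(*tfm))`, sizeof(key) is the key length only if key is declared as an array in this scope; if it is a pointer, the check compares the pointer size against the minimum key size. An explicit key-length constant used both for the buffer and for this comparison would make the check independent of how key is declared.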

Coding style nit: please use a single space after `if'.

> +fail:	crypto_free_tfm(*tfm);
> +out:	return error;
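
Review bot: at the `fail:` label, *tfm is freed but, in the lines quoted, not reset, so the caller is left holding a dangling pointer after an error return. Setting `*tfm = NULL;` after crypto_free_tfm() would make a later use or a second free easy to catch.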

We conventionally insert a newline directly after labels.

> +#ifdef CONFIG_SWSUSP_ENCRYPT
> +#ifdef CONFIG_SWSUSP_ENCRYPT
> +#ifdef CONFIG_SWSUSP_ENCRYPT
> +#ifdef CONFIG_SWSUSP_ENCRYPT
> +#ifdef CONFIG_SWSUSP_ENCRYPT
> +#ifdef CONFIG_SWSUSP_ENCRYPT
> +#ifdef CONFIG_SWSUSP_ENCRYPT
> +#ifdef CONFIG_SWSUSP_ENCRYPT
> +#ifdef CONFIG_SWSUSP_ENCRYPT

err, no.  Please find a way to reduce the ifdeffery.
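
As an added illustration, not part of the original message or the patch: a user-space Python simulation of the scheme in the quoted patch description, showing that the image is recoverable from disk while suspended and unrecoverable once resume overwrites the key. HMAC-SHA256 in counter mode stands in for the kernel's AES, and the swap layout (key slot followed by the image) and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # assumption: 128-bit temporary key


def keystream(key: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for the patch's AES."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def suspend(image: bytes) -> bytearray:
    """Simulated swap contents: [unencrypted key slot | encrypted image]."""
    key = os.urandom(KEY_LEN)
    return bytearray(key + xor_stream(image, key))


def resume(swap: bytearray) -> bytes:
    """Decrypt the image, then wipe it by overwriting only the key slot."""
    key = bytes(swap[:KEY_LEN])
    image = xor_stream(bytes(swap[KEY_LEN:]), key)
    swap[:KEY_LEN] = bytes(KEY_LEN)  # the image bytes themselves are not touched
    return image


def read_with_stored_key(swap: bytearray) -> bytes:
    """What the raw swap contents yield when decrypted with the stored key slot."""
    return xor_stream(bytes(swap[KEY_LEN:]), bytes(swap[:KEY_LEN]))
```

The encrypted image bytes are identical before and after `resume()`; only the 16-byte key slot changes, which is why the wipe is cheap and also why it protects nothing while the machine is still suspended.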