Hi!
> >>>To prevent data gathering from swap after resume you can encrypt the
> >>>suspend image with a temporary key that is deleted on resume. Note
> >>>that the temporary key is stored unencrypted on disk while the system
> >>>is suspended... still it means that saved data are wiped from disk
> >>>during resume by simply overwritting the key.
> >>
> >>hm, how useful is that? swap can still contain sensitive userspace
> >>stuff.
> >
> >At least userspace has chance to mark *really* sensitive stuff as
> >unswappable. Unfortunately that does not work against swsusp :-(.
> >
> >[BTW... I was thinking about just generating random key on swapon, and
> >using it, so that data in swap is garbage after reboot; no userspace
> >changes needed. What do you think?]
>
> I (and many others) are doing it already in userspace. Don't you know
> about dm-crypt? I think the idea is described in its docs or wiki...
I could not find anything in device-mapper/*; do you have pointer to
docs or wiki?
Pavel
--
teflon -- maybe it is a trademark, but it should not be.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |