Pavel Machek wrote:
> Thanks to Rafael's great work, we now have working encrypted suspend
> and resume. You'll need recent -mm kernel, and code from
> suspend.sf.net. Due to its use of RSA, you'll only need to enter
> password during resume.
so, how does it work? what is new? how is it different from alternative?
with suspend2 and dm-crypt I have encrypted supend too:
- one boot partition (plain), one root partition
- root partition is on dm-crypt. initramfs has tools to set it up.
- swap file on root parition
- suspend to that swap file.
- initramfs could first ask for the passphrase to an rsa key,
the key decrypts a binary file, the decrypted binary is the
dm-crypt key.
- resume could be triggered once the new root was mounted and
in place.
- usb access etc. should work as well in the initramfs, so I
could move the rsa key to my smart card as well.
haveing something similar in mainline would be a huge help.
Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
