On Tue, 17 Jul 2007, Dr. David Alan Gilbert wrote:
* david@lang.hm (david@lang.hm) wrote:
On Mon, 16 Jul 2007, Rafael J. Wysocki wrote:
Encryption is possible with both the userland hibernation (aka uswsusp) and
TuxOnIce (formerly known as suspend2). Still, I don't consider it as a
"must
have" feature for a framework to be generally useful (many users don't use
it
anyway).
he's talking about the main system useing an encrypted device/partition,
not the hibernate image being stored encrypted.
This would require the main system 'forget' the keys when it does the
hinbernate and prompt for it again during the wake-up phase.
Indeed - although as I say I really don't know what you would do with
apps using the mounts at that point. Still it seems like a
sensible requrest from the security side.
along the same lines, it would probably be a good idea to have the ability
for a system to re-ask for the pass phrase periodicly while the system is
running.
I see two possible approaches to these issues.
1. implement the periodic re-request capability, and when going into
hibernate time-out any known pass phrases.
this is a lot of work overall, but the suspend portion is trivial so there
would not be any suspend surprises.
2. flush the keyring on hibernate and have the resume process re-populate
it (either by pokeing directly into the memory, or by providing a table
that the resuming kernel reads from during wake-up to re-populate it)
this is less work, but it's all suspend related so it will get less
testing.
David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
