Re: F33 BTRFS - Not enough swap space for hibernation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 7, 2020 at 2:04 AM Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:

I think a higher priority is supporting encrypted authenticated
hibernation images. And arguably it's needed for swap as well, because
there are all kinds of private user data that can be evicted to swap.
It's another advantage of swap on zram, in that since it's volatile,
we don't have to worry about it as much when it comes to leaking user
data. It's not the same as being encrypted, of course, putting the
system in S3 means this private data could still be pilfered if the
attacker has physical access. But at least it's not persistent.


Why is encrypted and signed hibernation images a bigger priority ? Isn't that achieved with full disk encrypted systems ?

It is a good idea to setup disk based swap with a random key on each
boot. This means you don't have to enter a passphrase. But it also
means it can't be used for a hibernation image.


How would you do this even if I was not using hibernation ? Sounds pretty cool.
 
I think a key pre-requisite is working authenticated and signed
hibernation images. Until we can bring back hibernation support for
systems with UEFI Secure Boot, the most common configuration out of
the box, we're kinda stuck not being able to do much of anything with
hibernation.


It's sad that Linux isn't able to do hibernation with secure boot.



--
Regards,
Sreyan Chakravarty
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux