On Mon, 5 Aug 2002, Jari Ruusu wrote: > And even if loop thread did the 'refrigerator' thing, it would be really bad > security wise because the encryption keys would be written to disk when > kernel RAM is saved to disk. Of course that is not a problem with > unencrypted loops. > > Robert, can you send me URLs of the patches that you used? It may be > possible to add such code in '#ifdef CONFIG_SWSUSP / #endif' hunks, so that > it gets activated only if swsusp is enabled in kernel config. I can't > promise that it gets merged, but I will at least take a look at it. [...] Given your point about security, wouldn't it be nice if there were yet another flag to indicate that encrypted partitions should just be turned off on suspend? This is more useful than it sounds -- not all partitions are mounted all the time. It might actually be convenient if you don't want to accidentally leave a partition accessible when you walk away from a machine and forget to losetup -d, or whatever. John - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
