"John J. Lee" wrote:
> Given your point about security, wouldn't it be nice if there were yet
> another flag to indicate that encrypted partitions should just be
> turned off on suspend?
>
> This is more useful than it sounds -- not all partitions are mounted all
> the time. It might actually be convenient if you don't want to
> accidentally leave a partition accessible when you walk away from a
> machine and forget to losetup -d, or whatever.
Like Sean Neakums pointed out in earlier post to linux-crypto list, just
forcing unmount or losetup -d is not really an option. Maybe just checking
for encrypted loops in userspace _before_ starting suspend is a better
solution. Something like this:
#!/bin/bash
if losetup -a | grep -q -s "AES" ; then
echo "Found active encrypted loops, suspend aborted"
exit 1
fi
echo "now suspending..."
echo "1 0 0" > /proc/sys/kernel/swsusp
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
