Lars Bungum wrote: > I forgot to ask for your comments on the approach on this site I found > on Google: http://perso.wanadoo.fr/pascal.brisset/initrd-swsusp/ I guess > it's a pretty clear signal in the opposite direction if the Linux kernel > developers are against it, but as suspend obviously could be a useful > feature (making an encrypted system equal in use to a regular one), I'm > wondering if you think it could be done like this, or know of other > projects that will get us there in time? Looks like that can be used to save software suspend image to encrypted loop device. Encryption keys that were in kernel RAM at time of suspend are protected by encryption, so the keys will not leak. Simultaneous use of encrypted root partition + initrd-swsusp is going to need more tweaks. Initrd code has to set up different loop device depending if computer is doing normal boot to encrypted root or resume from encrypted swsusp image. Maybe it is possible to set up both loops with same password but different gpg encrypted key file. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
