Re: Questions about loop-aes and the implementation of encrypted filesystems

Lars Bungum wrote:
> I forgot to ask for your comments on the approach on this site I found
> on Google: http://perso.wanadoo.fr/pascal.brisset/initrd-swsusp/ I guess
> it's a pretty clear signal in the opposite direction if the Linux kernel
> developers are against it, but as suspend obviously could be a useful
> feature (making an encrypted system equal in use to a regular one), I'm
> wondering if you think it could be done like this, or know of other
> projects that will get us there in time?

Looks like that can be used to save software suspend image to encrypted loop
device. Encryption keys that were in kernel RAM at time of suspend are
protected by encryption, so the keys will not leak.

Simultaneous use of encrypted root partition + initrd-swsusp is going to
need more tweaks. Initrd code has to set up different loop device depending
if computer is doing normal boot to encrypted root or resume from encrypted
swsusp image. Maybe it is possible to set up both loops with same password
but different gpg encrypted key file.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

