Re: Encrypted swap, suspend, README, root encryption, potential weaknesses, NSA, dual-ciphers

Christian wrote:
> at item 12 and 13c in the loop-AES readme (boot from CD), from which
> directory do I run the script and lilo?

Step 12: run from loop-AES source directory.
Step 13c: any directory will do.

> >>And is it possible to suspend to disk with root encryption?
> > I don't recommend suspend when there are encryption keys in kernel RAM.
> 
> Wouldn't the keys be encrypted when written to disk with suspend? Is it
> possible in theory to use suspend to disk without an unencrypted partition?

Some time ago I saw someone do suspend to an encrypted partition, but the problem
with that was the restore part that had to set up an encrypted loop device to
restore from, which included mounting a file system. Kernel gurus said that
the mount thingy before restore-from-suspend caused some sort of
inconsistency between on-disk data and kernel page cache, or something like
that. IOW, don't do that.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

