On Fri, Aug 28, 2009 at 11:46:17AM +0200, Martin Milata wrote: > On Fri, Aug 28, 2009 at 07:21:36 +0200, Arno Wagner wrote: > > Makes sense and increases security. I am wondering however whether > > this could just be scripted by > > 1) Store all parameters besides key in some file > > 2) Completely remove and umount the device before suspend. > > 3) An resume: Use a wraper around dm-crypt that gets the parameters > > from the file, asks for the password and initializes and mounts > > the device just as if it was newly created. > > If I understand it correctly, this would require unmounting the > partition (and thus killing all programs using it), which I would like > to avoid. And cached contents of the filesystem would probably remain in > RAM anyway. I am not sure you even can remove the mapping (and hence the encryption) without umounting. If you can, that would be better, obviously but then you likely have to do that with specialised code. But this may be a case where suspending is not really possible. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
