On Fri, Jan 07, 2011 at 09:40:09AM +0800, Aaron Lewis wrote: > Hi, > If i hibernate with an device opened , before i resume , an image was > written on swap partition , will there be a problem with my secret key's > disclosure ? > > Just an off-line attack , if swap is not encrypted. > > And is there any suggestion for this special operation ? Because my > root partition is also encrypted , so i can't simply close that device > before hibernation took place. > > Thanks. Did a Google search and ended up at something I said here some time ago that did not really help ;-) First, I do not know for sure how hibernation works. I never used it. What I could find out, is that hobernation does shut down the computer and boots it up into an image of the pre-hibernation state instead of going through the normal boot sequence. As fas as I can tell, all suspend methods do store all used memory pages to swap, and that definitely includes the kernel pages with the disk encryption keys. Now, with uncencrypted swap, that clearly exposes the keys. There seems to be an option to encrypt swap with a temporary key that gets wiped after resume. This way the encryption keys would be exposed during hibernation, but not after wakeup. It seems that with the swsup hibernation method that may be default behaviour. Some explanation here: http://www.freesoftwaremagazine.com/articles/hibernate_linux The other option would be to modify the resume process to ask you for the passphrase to the swap partition. I don't know whether that is possible. It seems to me that there is actually no software hook or script thet gets executed during resume, but that it is a full kernel-internal operation. I also see no reference to a possibility to pass swap encryption keys to the kernel. In this case, there is no way around the exposure during hibernate. I see a possible alternate way to do this. Use a virtualized environment for your system and suspend that to a device encrypted by the base system. Then you can hibernate the virtualized system, do a normal shutdown and reboot of the base system, configure the encrypted filesystem and unsuspend the virtual machine from it. I do that with a virtual machine for working on confidential data. More effort, but suspend to disk (=hibernation) and security do not really mix. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
