-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/07/11 05:08, Bryan Kadzban wrote: > Arno Wagner wrote: >> The other option would be to modify the resume process to >> ask you for the passphrase to the swap partition. I don't >> know whether that is possible. > > In an initramfs, I bet it is, though I've never tried it. Resuming from > hibernate is handled by writing the major:minor of the block device to > resume from into the /sys/power/resume file, and I would *guess* that > the device node can be a device-mapper child (such as dm-crypt or LVM > would create). I do not know about the details like what needs to be copied in which stage, but I can confirm that this works with tuxonice: Add to your initramfs a call to cryptsetup luksOpen enc-swap before initiating the resume process from /dev/mapper/enc-swap. I know this because this is the setup I have been using for the last couple of years :) > Of course, whether any given distro's initramfs setup can actually do > this (assuming it's possible in the kernel) is a different story. :-) I have recently tried out archlinux and it is pretty easy to add such a hook there. They also support udev inside their initramfs, so using a keyfile on a specific USB device to unlock your swap is also quite easy. (Using gentoo, I have been running into a lot of trouble with compatibility issues between udev and busybox-modprobe - used in my initramfs - lately) It is also no big deal if you just unlock *all* encrypted partitions before initiating the resume process, but it does not need to be done. >> It seems to me that there >> is actually no software hook or script thet gets executed >> during resume, > > From hibernate, there is. It's a normal bootup, including initramfs, > until some string gets written into /sys/power/resume. There might be > restrictions on when this write can happen, but I'm sure they at least > allow some initramfs code to run. Well, most of my initramfs runs before initiating resume :) Regards, Heiko - -- eMails verschlüsseln mit PGP - privacy is your right! Mein PGP-Key zur Verifizierung: http://pgp.mit.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0m7hgACgkQ/Vb5NagElAW3CQCcCxtTN/UmI5XAYZfLaRqBv7QV adIAn3U2NysZEES9ZlIzr4AvG9I9NUB5 =cHRj -----END PGP SIGNATURE----- _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
