On 08/29/2017 02:42 PM, dm-crypt@xxxxxxxxxxxxxxxxx wrote:
>
> That sounds interesting, but I'm not sure if it will help. I try to erase
> the key before I suspend to RAM so that cold boot attacks don't work here.
> If it's in the kernel keyring it should still be possible to find it in
> memory. Or have I misread that keyring concept?

Yes, you are correct.

For this key (the volume key) it can be wiped after the dm-crypt device is activated; the reason to use the keyring is that the key is no longer included in dm-ioctl and dm-crypt no longer needs to keep the key in its internal structures.

Now during the dm-crypt device lifetime (except luksSuspend) the key is in memory in several places: the dm-crypt struct and then the crypto API engine, usually multiple times (per CPU, depending on the crypto module implementation).

The dm-crypt wipe command should wipe all these keys.

Milan
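As an added example (not part of the thread above), the following script audits `dmsetup table --showkeys` style output and reports, per crypt target, whether the volume key travels inline in the dm-ioctl table as hex or only as a kernel keyring reference (`:<size>:<type>:<description>`). The table lines are constructed sample data, not real devices or keys; the check only covers the dm-ioctl path, since, as noted above, the key still lives in the dm-crypt struct and crypto API engine in either mode.

```python
import re

# Constructed sample in the shape of `dmsetup table --showkeys` output
# ("<name>: <start> <length> <target> <args...>"). Keys below are dummies.
INLINE_KEY = "00112233445566778899aabbccddeeff" * 4   # 64 bytes as hex
SAMPLE_TABLE = f"""\
legacy: 0 2097152 crypt aes-xts-plain64 {INLINE_KEY} 0 8:2 4096
keyring: 0 2097152 crypt aes-xts-plain64 :64:logon:cryptsetup:11111111-2222-3333-4444-555555555555-d0 0 8:3 4096 1 allow_discards
nullcipher: 0 1048576 crypt cipher_null-ecb - 0 8:4 0
data: 0 1048576 linear 8:5 0
"""

# Keyring reference syntax used by dm-crypt: :<key_size>:<key_type>:<key_description>
KEYRING_RE = re.compile(r"^:(\d+):(logon|user|encrypted|trusted):(.+)$")


def classify_key(key_field: str) -> str:
    """Return how a dm-crypt target carries its volume key.

    'keyring' -> keyring reference; raw key bytes are not in the table
    'inline'  -> hex key bytes are present in the dm-ioctl table
    'none'    -> '-' placeholder (no key, e.g. cipher_null)
    """
    if key_field == "-":
        return "none"
    if KEYRING_RE.match(key_field):
        return "keyring"
    if re.fullmatch(r"[0-9a-fA-F]+", key_field) and len(key_field) % 2 == 0:
        return "inline"
    raise ValueError(f"unrecognised key field: {key_field!r}")


def audit_tables(text: str) -> dict:
    """Map each crypt device name to its key mode; non-crypt targets are skipped."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, args = line.split(": ", 1)
        fields = args.split()
        # crypt target args: <cipher> <key> <iv_offset> <device> <offset> [opts]
        if len(fields) < 7 or fields[2] != "crypt":
            continue
        result[name] = classify_key(fields[4])
    return result


def inline_key_devices(text: str) -> list:
    """Names of crypt devices whose key was passed in the clear via dm-ioctl."""
    return sorted(n for n, mode in audit_tables(text).items() if mode == "inline")
```

Run `audit_tables(SAMPLE_TABLE)` against real output from `dmsetup table --showkeys` (root required) to see which mappings still pass the key through dm-ioctl.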