> Bjorn Andersson wrote: > > Patch to the dm-crypt module so that it hides the crypto-key from > > userland. (dmsetup table) > > Does it also overwrite the key in memory when unloading dm-crypt, make > sure that the memory is pinned so the key doesn't leak to swap, unload > the key before a 'hibernate', and that sort of stuff? > > -- > > dm-devel@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/dm-devel No, this does only report a key of zeros when the status is requested. The unloading thing is no problem to fix, but how should the 'hibernate' thing work? When you resume after a 'hibernate' you probably expect that the device is there, especially if it's on the root partition. But I clearly see your point. // Bjorn
