On Tue, 17 Jul 2007, Dr. David Alan Gilbert wrote:
* david@xxxxxxx (david@xxxxxxx) wrote:
On Mon, 16 Jul 2007, Rafael J. Wysocki wrote:
Encryption is possible with both the userland hibernation (aka uswsusp) and
TuxOnIce (formerly known as suspend2). Still, I don't consider it as a
"must
have" feature for a framework to be generally useful (many users don't use
it
anyway).
he's talking about the main system useing an encrypted device/partition,
not the hibernate image being stored encrypted.
This would require the main system 'forget' the keys when it does the
hinbernate and prompt for it again during the wake-up phase.
Indeed - although as I say I really don't know what you would do with
apps using the mounts at that point. Still it seems like a
sensible requrest from the security side.
along the same lines, it would probably be a good idea to have the ability
for a system to re-ask for the pass phrase periodicly while the system is
running.
I see two possible approaches to these issues.
1. implement the periodic re-request capability, and when going into
hibernate time-out any known pass phrases.
this is a lot of work overall, but the suspend portion is trivial so there
would not be any suspend surprises.
2. flush the keyring on hibernate and have the resume process re-populate
it (either by pokeing directly into the memory, or by providing a table
that the resuming kernel reads from during wake-up to re-populate it)
this is less work, but it's all suspend related so it will get less
testing.
David Lang
_______________________________________________
linux-pm mailing list
linux-pm@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/linux-pm