On Sun, 31 Dec 2023 at 21:22:36 +0800, YunQiang Su wrote:
>> Is there any reason to not just use systemd-cryptenroll?
>
> Yes. I tried to use systemd-cryptenroll, while it cannot work with
> cryptsetup-suspend.
> I need a way to suspend or hibernate without disks decrypted.

Seems like this should be a wishlist bug against cryptsetup-suspend not an
ITP. I don't foresee any reason why this wouldn't work once #1023700 and
#1031254 are fixed.

> The passphrase is stored in /var/cache, and switch_root will clean
> all of them, so I guess it won't leak.

The partition might be backed by plain-text drives or similar, so it can't
be used to write sensitive data.

-- 
Guilhem.