As I am a little security aimed, my /usr, /var and /home (each on a separate
partition) are encrypted with luks.
Some time ago, I discovered, that when I suspend my system (suspend-to-disk),
and resume it again, I did not need to enter the password for /usr.
Well, my computer asked for it, but pressing enter for three times let the
system boot up. The resume device was the swap device, which was not
This means, at that time, the password to encrypt the partitions was stored
on the swap device when suspended. Very bad idea!!!
So, my solution was, to encrypt the swap partition, too (with luks). (Yes, I
know, this is not officially recommended)
That worked well in the security sense. But from now on appeared a new
problem: resume did not always work well (although the swap device was opened
well at resume) and from time to time I had to add the parameter "noresume" at
boot. Also not much satisfying.
Now I changed back to an unencrypted swap device, resume works well again.
However, the behaviour changed: When entering the wrong password at resume for
/usr three times, the system shuts off and reboots again. This new boot is a
fresh boot, it is no resume.
So far to the situation.
Now my notes/questions:
1. What is the status of suspend to disk at the moment, when we use encrypted
partitions with the prior look to security? Known bugs? Not possible?
2. When entering the wrong password(s), the system should not fresh reboot,
but starting in resume mode again.
3. I believe, the memory data and the swap data can be stored somewhere else,
so IMO it should be /usr by default. Good idea?
4. Do I need UUID entries in some config files? respective Are UUID entries
preferred before standard entries like /dev/sdaX?
My hardware is an EEEPC 1005HGO, debian/testing 32-bit, actual packet versions
I would be happy, when someone could make some things for me a little bit
clearer, as uswsusp also involves cryptsetup and update-initramfs-tools, which
are also configured, when I run "dpkg-reconfigure uswsusp".
Maybe other people might also be interested in security and want to know.
Thanks for any help.
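
The concern raised in the post is that a hibernation image written to an unencrypted swap partition contains whatever was in RAM, including the keys of the opened luks volumes. The following is an added example, not part of the original post: a small check that reports which active swap partitions are dm-crypt mappings. The function names and the ROOT prefix argument are assumptions of this example; it relies on /proc/swaps and on the "CRYPT-" prefix that cryptsetup gives the device-mapper UUID of its mappings.

```shell
#!/bin/sh
# Flag active swap partitions that are not dm-crypt mappings.
# ROOT (hypothetical parameter of this example) prefixes /proc and /sys so
# the check can run on a constructed tree; pass "" for the live system.
# Limits: swap files and stacked setups (e.g. LVM on LUKS) are not followed.

# swap_partitions ROOT: print the device path of each active swap partition.
swap_partitions() {
    # /proc/swaps columns: Filename Type Size Used Priority (after a header)
    awk 'NR > 1 && $2 == "partition" { print $1 }' "$1/proc/swaps"
}

# is_dmcrypt ROOT DEV: succeed if DEV is a device-mapper node whose DM UUID
# starts with "CRYPT-", the prefix cryptsetup gives LUKS and plain mappings.
is_dmcrypt() {
    node=$2
    # On a live system, resolve /dev/mapper/<name> symlinks to /dev/dm-N.
    [ -z "$1" ] && [ -L "$node" ] && node=$(readlink -f "$node")
    uuid_file="$1/sys/class/block/$(basename "$node")/dm/uuid"
    [ -r "$uuid_file" ] || return 1
    case $(cat "$uuid_file") in
        CRYPT-*) return 0 ;;
        *)       return 1 ;;
    esac
}

# audit_swap ROOT: print "<device> encrypted" or "<device> PLAINTEXT" per
# swap partition; return 1 if any of them is unencrypted.
audit_swap() {
    rc=0
    for dev in $(swap_partitions "$1"); do
        if is_dmcrypt "$1" "$dev"; then
            echo "$dev encrypted"
        else
            echo "$dev PLAINTEXT"
            rc=1
        fi
    done
    return $rc
}
```

On the running machine, call `audit_swap ""`; a non-zero exit status means at least one swap partition would receive a suspend-to-disk image in the clear.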