Pavel Machek wrote: > Hi! > > >>>Hi! What about doing it right? Encrypt it with symmetric cypher >>>and store key in suspend header. That way key is removed automagically >>>while fixing signatures. No need to clear anythink. >> >>Good idea. I'll have a look though it will take a while (busy with my job). >> >> >>>OTOH we may want to dm-crypt whole swap partition. >> >>This would leave the problem that the in-kernel data would be accessible >>on the swap device after resume. > > > I meant "when dm-crypt is used, encrypting swsusp data with second key > is no longer _that_ nice"...
Hmm, thinking of a future swsusp2 with initrd capabilites encrption of the suspend image itself is still useful to prevent data gathering after resume. Using dm-crypt for encryption of the swap partition in this case is useful during resume so this fits nicely together. BTW: I spent my day on implementing the encryption of the suspend image and will send patches after a few more tests. -- Andreas Steinmetz SPAMmers use [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/