Re: [PATCH encrypted swsusp 0/3] encrypted swsusp image
Hi! > > The following patches allow for encryption of the on-disk swsusp image > > to prevent data gathering of e.g. in-kernel keys or mlocked data after > > resume. > > For this purpose the aes cipher must be compiled into the kernel as > > module load is not possible at resume time. > > A random key is generated at suspend time, stored in the suspend header > > on disk and deleted from the header at resume time. If you don't resume > > a mkswap on the suspend partition will also delete the temporary key. > > Only the data pages are encrypted as only these may contain sensitive data. > > This works on my x86_64 laptop (64bit mode) and probably needs testing > > on other platforms. > > What about an option for an user-defined key? One that can be set when > suspending? That's logical next step, but lets try to solve one problem at a time. Pavel -- Boycott Kodak -- for their patent abuse against Java. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH encrypted swsusp 0/3] encrypted swsusp image
> The following patches allow for encryption of the on-disk swsusp image > to prevent data gathering of e.g. in-kernel keys or mlocked data after > resume. > For this purpose the aes cipher must be compiled into the kernel as > module load is not possible at resume time. > A random key is generated at suspend time, stored in the suspend header > on disk and deleted from the header at resume time. If you don't resume > a mkswap on the suspend partition will also delete the temporary key. > Only the data pages are encrypted as only these may contain sensitive data. > This works on my x86_64 laptop (64bit mode) and probably needs testing > on other platforms. What about an option for an user-defined key? One that can be set when suspending? Folkert van Heusden Auto te koop! Zie: http://www.vanheusden.com/daihatsu.php Op zoek naar een IT of Finance baan? Mail me voor de mogelijkheden! +--+ |UNIX admin? Then give MultiTail (http://vanheusden.com/multitail/)| |a try, it brings monitoring logfiles to a different level! See| |http://vanheusden.com/multitail/features.html for a feature list. | +--= www.unixsoftware.nl =-+ Phone: +31-6-41278122, PGP-key: 1F28D8AE Get your PGP/GPG key signed at www.biglumber.com! pgpNAtjpp9ckB.pgp Description: PGP signature
[PATCH encrypted swsusp 0/3] encrypted swsusp image
The following patches allow for encryption of the on-disk swsusp image to prevent data gathering of e.g. in-kernel keys or mlocked data after resume. For this purpose the aes cipher must be compiled into the kernel as module load is not possible at resume time. A random key is generated at suspend time, stored in the suspend header on disk and deleted from the header at resume time. If you don't resume a mkswap on the suspend partition will also delete the temporary key. Only the data pages are encrypted as only these may contain sensitive data. This works on my x86_64 laptop (64bit mode) and probably needs testing on other platforms. -- Andreas Steinmetz SPAMmers use [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/