On Mon, Dec 7, 2020 at 2:04 AM Chris Murphy <li...@colorremedies.com> wrote:
> I think a higher priority is supporting encrypted authenticated
> hibernation images. And arguably it's needed for swap as well, because
> there are all kinds of private user data that can be evicted to swap.
> It's another advantage of swap on zram, in that since it's volatile,
> we don't have to worry about it as much when it comes to leaking user
> data. It's not the same as being encrypted, of course, putting the
> system in S3 means this private data could still be pilfered if the
> attacker has physical access. But at least it's not persistent.

Why are encrypted and signed hibernation images a bigger priority? Isn't that achieved with full disk encrypted systems?

> It is a good idea to set up disk based swap with a random key on each
> boot. This means you don't have to enter a passphrase. But it also
> means it can't be used for a hibernation image.

How would you do this even if I was not using hibernation? Sounds pretty cool.

> I think a key pre-requisite is working authenticated and signed
> hibernation images. Until we can bring back hibernation support for
> systems with UEFI Secure Boot, the most common configuration out of
> the box, we're kinda stuck not being able to do much of anything with
> hibernation.

It's sad that Linux isn't able to do hibernation with secure boot.

--
Regards,
Sreyan Chakravarty
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
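
The random-key swap setup mentioned in the quoted text, sketched as an added example that is not part of the original thread. The device names and the partition identifier are placeholders, and the cipher options are an assumed choice rather than anything stated in the messages.

```conf
# /etc/crypttab
# <name>  <device>                               <key file>    <options>
#
# Risky: kernel names such as /dev/sdX3 (placeholder) can change between
# boots, and the "swap" option runs mkswap on whatever device this line
# names at every boot, destroying its contents.
#swap     /dev/sdX3                               /dev/urandom  swap
#
# Safer: name the partition by a stable identifier. A plain dm-crypt
# mapping has no on-disk header, so use the GPT partition UUID
# (placeholder below), not a filesystem UUID or label.
swap      /dev/disk/by-partuuid/<SWAP-PARTUUID>   /dev/urandom  swap,cipher=aes-xts-plain64,size=512

# /etc/fstab
# Activate the mapped device created by the crypttab entry above.
/dev/mapper/swap  none  swap  defaults  0  0
```

The key is read fresh from /dev/urandom at each boot and never stored, so no passphrase prompt is needed and nothing written to this swap can be read after a reboot, which is also why it cannot hold a hibernation image.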