Re: [PATCH encrypted swsusp 0/3] encrypted swsusp image

All of lore.kernel.org
 help / color / mirror / Atom feed

From: folkert@vanheusden.com
To: Andreas Steinmetz <ast@domdv.de>
Cc: Pavel Machek <pavel@ucw.cz>,
	Linux Kernel Mailinglist <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH encrypted swsusp 0/3] encrypted swsusp image
Date: Mon, 11 Apr 2005 09:54:43 +0200	[thread overview]
Message-ID: <20050411075441.GT29797@vanheusden.com> (raw)
In-Reply-To: <4259B46D.9020402@domdv.de>

[-- Attachment #1: Type: text/plain, Size: 1334 bytes --]

> The following patches allow for encryption of the on-disk swsusp image
> to prevent data gathering of e.g. in-kernel keys or mlocked data after
> resume.
> For this purpose the aes cipher must be compiled into the kernel as
> module load is not possible at resume time.
> A random key is generated at suspend time, stored in the suspend header
> on disk and deleted from the header at resume time. If you don't resume
> a mkswap on the suspend partition will also delete the temporary key.
> Only the data pages are encrypted as only these may contain sensitive data.
> This works on my x86_64 laptop (64bit mode) and probably needs testing
> on other platforms.

What about an option for an user-defined key? One that can be set when
suspending?


Folkert van Heusden

Auto te koop! Zie: http://www.vanheusden.com/daihatsu.php
Op zoek naar een IT of Finance baan? Mail me voor de mogelijkheden!
+------------------------------------------------------------------+
|UNIX admin? Then give MultiTail (http://vanheusden.com/multitail/)|
|a try, it brings monitoring logfiles to a different level! See    |
|http://vanheusden.com/multitail/features.html for a feature list. |
+------------------------------------------= www.unixsoftware.nl =-+
Phone: +31-6-41278122, PGP-key: 1F28D8AE
Get your PGP/GPG key signed at www.biglumber.com!

[-- Attachment #2: Type: application/pgp-signature, Size: 282 bytes --]

next prev parent reply	other threads:[~2005-04-11  7:54 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-10 23:19 [PATCH encrypted swsusp 0/3] encrypted swsusp image Andreas Steinmetz
2005-04-11  7:54 ` folkert [this message]
2005-04-11 10:13   ` Pavel Machek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050411075441.GT29797@vanheusden.com \
    --to=folkert@vanheusden.com \
    --cc=ast@domdv.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pavel@ucw.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.