From: Pavel Machek <pavel@ucw.cz>
To: folkert@vanheusden.com
Cc: Andreas Steinmetz <ast@domdv.de>,
	Linux Kernel Mailinglist <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH encrypted swsusp 0/3] encrypted swsusp image
Date: Mon, 11 Apr 2005 12:13:24 +0200
Message-ID: <20050411101324.GA1353@elf.ucw.cz>
In-Reply-To: <20050411075441.GT29797@vanheusden.com>

Hi!

> > The following patches allow for encryption of the on-disk swsusp image
> > to prevent data gathering of e.g. in-kernel keys or mlocked data after
> > resume.
> > For this purpose the aes cipher must be compiled into the kernel as
> > module load is not possible at resume time.
> > A random key is generated at suspend time, stored in the suspend header
> > on disk and deleted from the header at resume time. If you don't resume
> > a mkswap on the suspend partition will also delete the temporary key.
> > Only the data pages are encrypted as only these may contain sensitive data.
> > This works on my x86_64 laptop (64bit mode) and probably needs testing
> > on other platforms.
> 
> What about an option for a user-defined key? One that can be set when
> suspending?

That's the logical next step, but let's try to solve one problem at a time.

								Pavel
-- 
Boycott Kodak -- for their patent abuse against Java.

Thread overview: 3+ messages
2005-04-10 23:19 [PATCH encrypted swsusp 0/3] encrypted swsusp image Andreas Steinmetz
2005-04-11  7:54 ` folkert
2005-04-11 10:13   ` Pavel Machek [this message]