Re: mlock(1)

[Stefan Seyfried <seife@suse.de>]

Andrea Arcangeli wrote:
> On Mon, Sep 27, 2004 at 08:16:43AM +0200, Stefan Seyfried wrote:

>>Why not ask on every boot? (and yes, the passphrase could be stored on a

> because I never use suspend/resume on my desktop, I never shutdown my
> desktop. I don't see why should I spend time typing a password when
> there's no need to. Every single guy out there will complain at linux
> hanging during boot asking for password before reaching kdm.

Well, there is more than one use case -> probably we need more than one 
implementation :-)

> I figured out how to make the swap encryption completely transparent to
> userspace, and even to swap suspend, so I think it's much better than
> having userspace asking the user for a password, or userspace choosing a
> random password.

That's fine for the never-enter-a-password case, but for the 
suspend-case, it's not so good since i want to close the lid and pack 
away the notebook. Two scenarios, two implementations.
> 
> 
>>And a resume is - in the beginning - a boot, so just ask early enough
>>(maybe the bootloader could do this?)
>  
> yes, but the bootloader passes the paramters via /proc/cmdline, and it's
> not nice to show the password in cleartext there.

We could mask it in /proc/cmdline or think of other mechanisms for 
passing the secret. Or just ask from the initramfs and start resuming 
after that.

> Keep in mind the password cannot be stored on the harddisk, or it would
> be trivial to find it for an attacker stoling the laptop.

> suspend/resume is just unusable for me on the laptop until we fix the
> crypto issues.

Well, as long as you need your entire $HOME or / encrypted, it's not 
easy. If you just need e.g. /secret/ encrypted userspace could umount it 
before suspend and remount it after resume (we also lock X etc, adding a 
umount / mount should be trivial).
-- 
Stefan Seyfried, QA / R&D Team Mobile Devices, SUSE LINUX AG Nürnberg.

"Any ideas, John?"
"Well, surrounding them's out."