From: Andreas Steinmetz <ast@domdv.de>
To: Pavel Machek <pavel@ucw.cz>
Cc: Linux Kernel Mailinglist <linux-kernel@vger.kernel.org>
Subject: [PATCH encrypted swsusp 0/3] encrypted swsusp image
Date: Mon, 11 Apr 2005 01:19:09 +0200
Message-ID: <4259B46D.9020402@domdv.de>

The following patches allow for encryption of the on-disk swsusp image
to prevent data gathering of e.g. in-kernel keys or mlocked data after
resume.

For this purpose the AES cipher must be compiled into the kernel, as
module load is not possible at resume time.

A random key is generated at suspend time, stored in the suspend header
on disk and deleted from the header at resume time. If you don't resume,
a mkswap on the suspend partition will also delete the temporary key.

Only the data pages are encrypted, as only these may contain sensitive data.

This works on my x86_64 laptop (64-bit mode) and probably needs testing
on other platforms.
--
Andreas Steinmetz SPAMmers use robotrap@domdv.de
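
The key lifecycle described in the message above, modelled in user space as an added example that is not code from the patch series. The header offset, page layout and function names are assumptions, and SHA-256 in counter mode stands in for the kernel AES cipher so the sketch runs with the standard library only.

```python
import hashlib
import secrets

PAGE = 4096
KEY_LEN = 16   # AES-128 sized key (assumption)
KEY_OFF = 64   # hypothetical offset of the key inside the header page

def keystream_xor(key: bytes, page_no: int, data: bytes) -> bytes:
    """Stand-in for the kernel AES cipher: SHA-256 in counter mode."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + page_no.to_bytes(8, "little")
                             + block.to_bytes(8, "little")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def suspend(pages: list[bytes]) -> bytearray:
    """Write a header page plus encrypted data pages to a simulated partition."""
    key = secrets.token_bytes(KEY_LEN)              # random key per suspend
    disk = bytearray(PAGE * (1 + len(pages)))
    disk[KEY_OFF:KEY_OFF + KEY_LEN] = key           # temporary key in the header
    for i, page in enumerate(pages):
        disk[PAGE * (i + 1):PAGE * (i + 2)] = keystream_xor(key, i, page)
    return disk

def resume(disk: bytearray) -> list[bytes]:
    """Decrypt the data pages, then delete the key from the on-disk header."""
    key = bytes(disk[KEY_OFF:KEY_OFF + KEY_LEN])
    count = len(disk) // PAGE - 1
    pages = [keystream_xor(key, i, bytes(disk[PAGE * (i + 1):PAGE * (i + 2)]))
             for i in range(count)]
    disk[KEY_OFF:KEY_OFF + KEY_LEN] = bytes(KEY_LEN)  # wipe the key in place
    return pages

def key_present(disk: bytearray) -> bool:
    """True while the header still carries a non-zero key."""
    return any(disk[KEY_OFF:KEY_OFF + KEY_LEN])

# Constructed sample memory: one page holding a secret, one ordinary page.
SECRET = b"in-kernel-key-0123456789abcdef"
MEMORY = [SECRET.ljust(PAGE, b"\0"), b"A" * PAGE]
```

After `resume()` the data pages left on the simulated partition are still ciphertext and the header key is zeroed, so a later read of the partition recovers neither the secret nor the means to decrypt it; between `suspend()` and `resume()` the key is present in the header.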