From: Milan Broz <mbroz@redhat.com>
To: Martin Milata <b42-ml@srck.net>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] cryptsetup support for dm-crypt suspend/resume
Date: Fri, 28 Aug 2009 08:04:16 +0200
Message-ID: <4A977360.3030605@redhat.com>
In-Reply-To: <20090827224617.GA31760@nyx.b42.cz>

Martin Milata wrote:
> Would it be possible to have e.g. luksSuspend and luksResume commands in
> cryptsetup, where luksSuspend would equal running "dmsetup suspend dev;
> dmsetup message dev 0 key wipe" (i.e. not really dependent on luks) and
> luksResume would get the password from user, decrypt the key in header
> and do equivalent of "dmsetup message dev 0 key set key; dmsetup resume
> dev"; and use luksSuspend before suspend-to-ram and luksResume after the
> wakeup?

Yes, I plan to add this; you can track this issue here:
http://code.google.com/p/cryptsetup/issues/detail?id=3

> Does such a feature make sense or wouldn't it increase security of the
> partition in question at all?

Depends on the situation; after key wipe there should be no
volume key in memory, but memory can still contain unencrypted data...

> If it's not total nonsense and none of the developers would like to
> implement it himself, I'm willing to try to write a patch for
> cryptsetup.

It should be easy to implement, but my priority now is to prepare the new libcryptsetup
API (it will appear in svn soon), and the implementation of these new features will follow,
over this new API. The old API remains in its current state without
new features added, just to retain compatibility, so implementing anything new
using it is a waste of time for now :-)

Milan
--
mbroz@redhat.com
