Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.1.0-rc1 (test release candidate)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Thomas Bächler" <thomas@archlinux.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.1.0-rc1 (test release candidate)
Date: Wed, 30 Sep 2009 23:47:01 +0200	[thread overview]
Message-ID: <ha0jkm$d80$1@ger.gmane.org> (raw)
In-Reply-To: <4AC21339.7070308@redhat.com>

Milan Broz schrieb:
> Changes since version 1.0.7
> ---------------------------
> 
> Important changes:
> ~~~~~~~~~~~~~~~~~~
> 
>  * Adds luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
> 
> 	luksSuspend wipe encryption key in kernel memory and set device to suspend
> 	(blocking all IO) state. This option can be used for situations when you need
> 	temporary wipe encryption key (like suspend to RAM etc.)
> 	Please read man page for more information.

I have a LUKS volume as a physical volume for my LVM volume group, which 
contains all my filesystems (including /). I was wondering if the 
following might work:

- Copy a static cryptsetup binary to a tmpfs
- cryptsetup luksSuspend
- echo mem >/sys/power/state
- cryptsetup luksResume

It would be an awesome feature, as it would make suspending safer.

>  * Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option.
> 
> 	Please note that using different hash for LUKS header make device incompatible with
> 	old cryptsetup releases.

This looks interesting.

>  * Move command successful messages to verbose level.

Yay! I've applied a patch to cryptsetup for a while to make luksOpen 
quiet in case of success, this is much nicer in boot scripts. Thank you 
for this one.

     prev parent reply	other threads:[~2009-09-30 21:47 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-09-29 14:01 [dm-crypt] [ANNOUNCE] cryptsetup 1.1.0-rc1 (test release candidate) Milan Broz
2009-09-30 21:47 ` Thomas Bächler [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='ha0jkm$d80$1@ger.gmane.org' \
    --to=thomas@archlinux.org \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.