From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glkdd-dm-crypt@m.gmane.org>
Received: from lo.gmane.org (lo.gmane.org [80.91.229.12])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.saout.de (Postfix) with ESMTPS
	for <dm-crypt@saout.de>; Wed, 30 Sep 2009 23:47:28 +0200 (CEST)
Received: from list by lo.gmane.org with local (Exim 4.50) id 1Mt71C-0005x3-CM
	for dm-crypt@saout.de; Wed, 30 Sep 2009 23:47:26 +0200
Received: from port-87-193-186-180.static.qsc.de ([87.193.186.180])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <dm-crypt@saout.de>; Wed, 30 Sep 2009 23:47:26 +0200
Received: from thomas by port-87-193-186-180.static.qsc.de with local (Gmexim
	0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <dm-crypt@saout.de>; Wed, 30 Sep 2009 23:47:26 +0200
From: =?ISO-8859-15?Q?Thomas_B=E4chler?= <thomas@archlinux.org>
Date: Wed, 30 Sep 2009 23:47:01 +0200
Message-ID: <ha0jkm$d80$1@ger.gmane.org>
References: <4AC21339.7070308@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <4AC21339.7070308@redhat.com>
Sender: news <news@ger.gmane.org>
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.1.0-rc1 (test release
	candidate)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Milan Broz schrieb:
> Changes since version 1.0.7
> ---------------------------
> 
> Important changes:
> ~~~~~~~~~~~~~~~~~~
> 
>  * Adds luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
> 
> 	luksSuspend wipe encryption key in kernel memory and set device to suspend
> 	(blocking all IO) state. This option can be used for situations when you need
> 	temporary wipe encryption key (like suspend to RAM etc.)
> 	Please read man page for more information.

I have a LUKS volume as a physical volume for my LVM volume group, which 
contains all my filesystems (including /). I was wondering if the 
following might work:

- Copy a static cryptsetup binary to a tmpfs
- cryptsetup luksSuspend
- echo mem >/sys/power/state
- cryptsetup luksResume

It would be an awesome feature, as it would make suspending safer.

>  * Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option.
> 
> 	Please note that using different hash for LUKS header make device incompatible with
> 	old cryptsetup releases.

This looks interesting.

>  * Move command successful messages to verbose level.

Yay! I've applied a patch to cryptsetup for a while to make luksOpen 
quiet in case of success, this is much nicer in boot scripts. Thank you 
for this one.