Re: [PATCH encrypted swsusp 1/3] core functionality

[Andreas Steinmetz <ast@domdv.de>]

Herbert Xu wrote:
> On Wed, Apr 13, 2005 at 02:59:28PM +0200, Andreas Steinmetz wrote:
> 
>>Herbert Xu wrote:
>>
>>>What's wrong with using swap over dmcrypt + initramfs? People have
>>>already used that to do encrypted swsusp.
>>
>>Nothing. The problem is the fact that after resume there is then
>>unencrypted(*) data on disk that should never have been there, e.g.
>>dm-crypt keys, ssh keys, ...
> 
> 
> Why is that? In the case of swap over dmcrypt, swsusp never reads/writes
> the disk directly.  All operations are done through dmcrypt.
> 
> The user has to enter a password before the system can be resumed.

Think of it the following way: user suspend and later resumes. During
suspend some mlocked memory e.g. from ssh-agent gets dumped to swap.
Some days later the system gets broken in from a remote place.
Unfortunately the ssh keys are still on swap (assuming that ssh-agent is
not running then) and can be recovered by the intruder. The intruder can
then gain access to other sites with the data recovered from the earlier
suspend.

You see, it is not a matter of having encrypted swap, what matters here
is what suspend needs to write to swap and this can be stuff that does
not belong there so it needs to be erased after resume. And the easiest
way to do this is to encrypt the suspend image with a temporary key that
gets cleared on resume.

If you don't resume mkswap will also clear the key though i have to
admit that there's a small window then in which the key and data are
still accessible.
-- 
Andreas Steinmetz                       SPAMmers use robotrap@domdv.de