Date: Sun, 10 Apr 2005 20:56:55 +0200
From: Pavel Machek <pavel@ucw.cz>
To: Oliver Neukum <oliver@neukum.org>
Cc: Andreas Steinmetz <ast@domdv.de>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] zero disk pages used by swsusp on resume
Message-ID: <20050410185655.GD1349@elf.ucw.cz>
References: <1113145420344@pavel_ucw.cz> <4259432F.4040206@domdv.de> <20050410181846.GB1349@elf.ucw.cz> <200504102045.22323.oliver@neukum.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200504102045.22323.oliver@neukum.org>
User-Agent: Mutt/1.5.6+20040907i
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 914
Lines: 24

Hi!

> > > > Hi! What about doing it right? Encrypt it with symmetric cypher
> > > > and store key in suspend header. That way key is removed automagically
> > > > while fixing signatures. No need to clear anythink.
> 
> You might want to leave the key in the kernel image. You need to boot the
> same image anyway. Leaving the key in the header will not increase
> security while the os is down.

I believe leaving it in the header will be easier, and it is more
easily wiped, there, too.

If suspend fails, and user boots with noresume and mkswaps, key in
header will get rewritten, too. Good.
									Pavel

-- 
Boycott Kodak -- for their patent abuse against Java.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/