Message-ID: <42597FA7.2060407@domdv.de>
Date: Sun, 10 Apr 2005 21:33:59 +0200
From: Andreas Steinmetz <ast@domdv.de>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050322)
MIME-Version: 1.0
To: Pavel Machek <pavel@ucw.cz>
CC: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] zero disk pages used by swsusp on resume
References: <1113145420344@pavel_ucw.cz> <4259432F.4040206@domdv.de> <20050410181846.GB1349@elf.ucw.cz>
In-Reply-To: <20050410181846.GB1349@elf.ucw.cz>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1302
Lines: 34

Pavel Machek wrote:
> Hi!
> 
> 
>>>Hi! What about doing it right? Encrypt it with symmetric cypher
>>>and store key in suspend header. That way key is removed automagically
>>>while fixing signatures. No need to clear anythink.
>>
>>Good idea. I'll have a look though it will take a while (busy with my job).
>>
>>
>>>OTOH we may want to dm-crypt whole swap partition.
>>
>>This would leave the problem that the in-kernel data would be accessible
>>on the swap device after resume.
> 
> 
> I meant "when dm-crypt is used, encrypting swsusp data with second key
> is no longer _that_ nice"...

Hmm, thinking of a future swsusp2 with initrd capabilites encrption of
the suspend image itself is still useful to prevent data gathering after
resume. Using dm-crypt for encryption of the swap partition in this case
is useful during resume so this fits nicely together.

BTW: I spent my day on implementing the encryption of the suspend image
and will send patches after a few more tests.
-- 
Andreas Steinmetz                       SPAMmers use robotrap@domdv.de
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/