Re: Encrypted swap, suspend, README, root encryption, potential weaknesses, NSA, dual-ciphers
Christian wrote:
> at item 12 and 13c in the loop-AES readme (boot from CD), from which
> directory do I run the script and lilo?

Step 12: run from loop-AES source directory.
Step 13c: any directory will do.

> >>And is it possible to suspend to disk with root encryption?
> > I don't recommend suspend when there are encryption keys in kernel RAM.
>
> Wouldn't the keys be encrypted when written to disk with suspend? Is it
> possible in theory to use suspend to disk without an unencrypted partition?

Some time ago I saw someone do suspend to an encrypted partition, but the
problem with that was the restore part that had to set up an encrypted loop
device to restore from, which included mounting a file system. Kernel gurus
said that the mount thingy before restore-from-suspend caused some sort of
inconsistency between on-disk data and kernel page cache, or something like
that. IOW, don't do that.

--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/