Re: [PATCH] zero disk pages used by swsusp on resume

[Pavel Machek]

Hi!

> > Hi! What about doing it right? Encrypt it with symmetric cypher
> > and store key in suspend header. That way key is removed automagically
> > while fixing signatures. No need to clear anythink.
> 
> Good idea. I'll have a look though it will take a while (busy with my job).
> 
> > OTOH we may want to dm-crypt whole swap partition.
> 
> This would leave the problem that the in-kernel data would be accessible
> on the swap device after resume.

I meant "when dm-crypt is used, encrypting swsusp data with second key
is no longer _that_ nice"...

So perhaps we should encrypt swap by default with random key, and
reuse same code for swsusp...

> > -- pavel. Sent from  mobile phone. Sorry for poor formatting.
> 
> The only remark I do have here is that swsusp would then depend on
> crypto so the swsusp encryption should be a config option.

Yes. Not evereyone has so fast CPU that encryption is NOP.

								Pavel
-- 
Boycott Kodak -- for their patent abuse against Java.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/