encrypted hibernation (was Re: Hibernation considerations)

From: Pavel Machek
Date: Sun Aug 05 2007 - 15:57:17 EST


Hi!

> > > Two things which I think would be nice to consider are:
> > > 1) Encryption - I'd actually prefer if my luks device did not
> > > remember the key across a hibernation; I want to be forced to
> > > reenter the phrase. However I don't know what the best thing
> > > to do to partitions/applications using the luks device is.
> >
> > Encryption is possible with both the userland hibernation (aka uswsusp) and
> > TuxOnIce (formerly known as suspend2). Still, I don't consider it as a "must
> > have" feature for a framework to be generally useful (many users don't use it
> > anyway).
>
> If a user uses an encrypted filesystem, then he also needs an encrypted
> swap and encrypted hibernation image: Otherwise the filesystem encryption
> is not very useful.

Actually, we can do most of that stuff already.

We can encrypt filesystems, encrypt swaps (LVM), and encrypt hibernation.

What we _can't_ do is to hibernate on an LVM encrypted partition, and we
could only suspend to a swap partition. Bad combination, but here's a way
out: just use a separate (raw) partition for hibernation.

Ok, that needs re-partitioning; if that's bad, just swapoff before
hibernation and mkswap/swapon after it's done.

Index: suspend.c
===================================================================
RCS file: /cvsroot/suspend/suspend/suspend.c,v
retrieving revision 1.82
diff -u -u -r1.82 suspend.c
--- suspend.c 29 Jul 2007 12:48:10 -0000 1.82
+++ suspend.c 5 Aug 2007 19:49:05 -0000
@@ -59,6 +59,7 @@
static unsigned long pref_image_size = IMAGE_SIZE;
static int suspend_loglevel = SUSPEND_LOGLEVEL;
static char compute_checksum;
+static int raw_partition = 1;
#ifdef CONFIG_COMPRESS
static char compress;
#else
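Review bot: `raw_partition` is initialised to 1 in the added declaration, so every run takes the raw-partition path and the swap-based code behind the later `if (raw_partition)` checks is never reached. Default it to 0, set it from a configuration option or command-line switch, and add a comment saying what the flag means, so existing swap setups keep working.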
@@ -184,6 +185,9 @@
int error;
loff_t free_swap;

+ if (raw_partition)
+ return 1*1024*1024*1024;
+
error = ioctl(dev, SNAPSHOT_AVAIL_SWAP, &free_swap);
if (!error)
return free_swap;
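Review bot: the raw-mode early return reports a fixed `1*1024*1024*1024` bytes of free space without looking at the device, so the size check passes for a partition smaller than 1 GiB and a larger partition is capped for no reason. Query the actual size of the resume device and return that instead of a constant.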
@@ -197,6 +201,12 @@
int error;
loff_t offset;

+ if (raw_partition) {
+ static int cur_offset = 0;
+ cur_offset += page_size;
+ return cur_offset;
+ }
+
error = ioctl(dev, SNAPSHOT_GET_SWAP_PAGE, &offset);
if (!error)
return offset;
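Review bot: `static int cur_offset` in the raw branch is narrower than the `loff_t offset` used by the rest of the function and is advanced with no upper bound, so it overflows once offsets pass 2 GiB and nothing stops allocation from running beyond the end of the partition. Declare it `loff_t` and return an error when the next page would exceed the device size. Incrementing before returning also means offset 0 is never handed out; if that is meant to reserve the first page, a comment should say so.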
@@ -205,6 +215,8 @@

static inline int free_swap_pages(int dev)
{
+ if (raw_partition)
+ return 0;
return ioctl(dev, SNAPSHOT_FREE_SWAP_PAGES, 0);
}

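Review bot: `free_swap_pages()` returns 0 in raw mode without resetting any allocator state, and `cur_offset` in the previous hunk is a function-local static that cannot be rewound from here. A retry after a failed attempt in the same process would continue from the old offset; move the counter to file scope and reset it in this branch.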
@@ -213,6 +225,8 @@
struct resume_swap_area swap;
int error;

+ if (raw_partition)
+ return 0;
swap.dev = blkdev;
swap.offset = offset;
error = ioctl(dev, SNAPSHOT_SET_SWAP_AREA, &swap);
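Review bot: the added `if (raw_partition) return 0;` skips `SNAPSHOT_SET_SWAP_AREA` and leaves `blkdev` and `offset` unused, with no check that the target really is a dedicated partition. Since the raw path hands out offsets starting at `page_size` on whatever device is configured, pointing it at a device that holds a filesystem or an active swap area would overwrite that data; validate the target before returning success, and put a blank line after the early return to match the surrounding style.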



--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html