Re: [PATCH 0/3] dm-crypt: Adds support for wiping key when doing suspend/hibernation

[Mike Snitzer]

On Sun, Apr 05 2015 at  1:20pm -0400,
Pali Rohár <pali.rohar@xxxxxxxxx> wrote:

> This patch series increase security of suspend and hibernate actions. It allows
> user to safely wipe crypto keys before suspend and hibernate actions starts
> without race conditions on userspace process with heavy I/O.
> 
> To automatically wipe cryto key for <device> before hibernate action call:
> $ dmsetup message <device> 0 key wipe_on_hibernation 1
> 
> To automatically wipe cryto key for <device> before suspend action call:
> $ dmsetup message <device> 0 key wipe_on_suspend 1
> 
> (Value 0 after wipe_* string reverts original behaviour - to not wipe key)

Can you elaborate on the attack vector your changes are meant to protect
against?  The user already authorized access, why is it inherently
dangerous to _not_ wipe the associated key across these events?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/