Re: Hibernation considerations

[david]

On Tue, 17 Jul 2007, Dr. David Alan Gilbert wrote:

> * david@xxxxxxx (david@xxxxxxx) wrote:
> > On Mon, 16 Jul 2007, Rafael J. Wysocki wrote:
>
> > > Encryption is possible with both the userland hibernation (aka uswsusp) and
> > > TuxOnIce (formerly known as suspend2).  Still, I don't consider it as a
> > > "must
> > > have" feature for a framework to be generally useful (many users don't use
> > > it
> > > anyway).
> >
> > he's talking about the main system useing an encrypted device/partition,
> > not the hibernate image being stored encrypted.
> >
> > This would require the main system 'forget' the keys when it does the
> > hinbernate and prompt for it again during the wake-up phase.
>
> Indeed - although as I say I really don't know what you would do with
> apps using the mounts at that point.   Still it seems like a
> sensible requrest from the security side.

along the same lines, it would probably be a good idea to have the ability 
for a system to re-ask for the pass phrase periodicly while the system is 
running.

I see two possible approaches to these issues.

1. implement the periodic re-request capability, and when going into 
hibernate time-out any known pass phrases.

this is a lot of work overall, but the suspend portion is trivial so there 
would not be any suspend surprises.

2. flush the keyring on hibernate and have the resume process re-populate 
it (either by pokeing directly into the memory, or by providing a table 
that the resuming kernel reads from during wake-up to re-populate it)

this is less work, but it's all suspend related so it will get less 
testing.

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/