Re: [swsusp] encrypt suspend data for easy wiping

From: Andrew Morton
Date: Mon Jul 25 2005 - 22:12:48 EST


Andreas Steinmetz <ast@xxxxxxxx> wrote:
>
> the attached patches are acked by Pavel and signed off by me

OK, well I queued this up, without a changelog. Because you didn't send
one. Please do so. As it adds a new feature, quite a bit of info is
relevant.

It should include a description of what the patch tries to do, and how it
does it. It should include a description of any known shortcomings. If
any user configuration is needed then that should be placed somewhere under
Documentation/

Take a look at how other people document their feature additions and you'll
get the idea.

Please don't send multiple patches per email. In this case I did the
handwork and put both diffs into the same patch.

Personally, I don't like this:

+config SWSUSP_ENCRYPT
+ bool "Encrypt suspend image"
+ depends on SOFTWARE_SUSPEND && CRYPTO=y && (CRYPTO_AES=y || CRYPTO_AES_586=y || CRYPTO_AES_X86_64=y)

This requires the user to hunt around in config until all the right options
are enabled to permit SWSUSP_ENCRYPT to appear in config. That can be
quite frustrating and is very poor UI.

For a top-level feature such as this it is much better to always offer the
feature to the user and to then use `select' to turn on all the
infrastructure bits which the user will need. Make the computer do the
work rather than the user.

Yes, it might be a bit tricky in this case because you have a dependency on
one of the AES encryption types, but it would be good if you can come up
with something which doesn't force the user into a game of hide-and-seek.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/