Re: Announcing crypto suspend

From: Andreas Jellinghaus
Date: Mon Mar 20 2006 - 09:27:40 EST

Next message: Ingo Molnar: "Re: [patch] latency-tracing-v2.6.16"
Previous message: Alan Cox: "Re: Lindent and coding style"
In reply to: Pavel Machek: "Announcing crypto suspend"
Next in thread: Peter Wainwright: "Re: Announcing crypto suspend"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pavel Machek wrote:
> Thanks to Rafael's great work, we now have working encrypted suspend
> and resume. You'll need recent -mm kernel, and code from
> suspend.sf.net. Due to its use of RSA, you'll only need to enter
> password during resume.

so, how does it work? what is new? how is it different from alternative?
with suspend2 and dm-crypt I have encrypted supend too:
- one boot partition (plain), one root partition
- root partition is on dm-crypt. initramfs has tools to set it up.
- swap file on root parition
- suspend to that swap file.
- initramfs could first ask for the passphrase to an rsa key,
the key decrypts a binary file, the decrypted binary is the
dm-crypt key.
- resume could be triggered once the new root was mounted and
in place.
- usb access etc. should work as well in the initramfs, so I
could move the rsa key to my smart card as well.

haveing something similar in mainline would be a huge help.

Andreas

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [patch] latency-tracing-v2.6.16"
Previous message: Alan Cox: "Re: Lindent and coding style"
In reply to: Pavel Machek: "Announcing crypto suspend"
Next in thread: Peter Wainwright: "Re: Announcing crypto suspend"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]