On Thu, Sep 23, 2010 at 11:50:26PM +0900, Osamu Aoki wrote: > On Thu, Sep 23, 2010 at 03:13:06PM +0100, Simon McVittie wrote: > ... > > By policy, we use full-disk encryption at my workplace (where full-disk > > really means "except the bootloader and /boot"). For a 2-year-old recipe for > > it, which I believe still mostly works with grub2, see > > http://smcv.pseudorandom.co.uk/2008/09/cryptroot/ > > Can we maintain suspend/resume type-features with such configuration? > > Unless we use unencrypted swap, it seems we have to give up > suspend/resume. Then we a bit of loose security .... > > How people cope with this on laptop ... I am curious.
You only need to give up *randomized* swap encryption. You can still have an encrypted swap, you just can't use a random key. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100923151401.ga7...@glandium.org
