Hi!
> > Hi! What about doing it right? Encrypt it with symmetric cypher
> > and store key in suspend header. That way key is removed automagically
> > while fixing signatures. No need to clear anythink.
>
> Good idea. I'll have a look though it will take a while (busy with my job).
>
> > OTOH we may want to dm-crypt whole swap partition.
>
> This would leave the problem that the in-kernel data would be accessible
> on the swap device after resume.
I meant "when dm-crypt is used, encrypting swsusp data with second key
is no longer _that_ nice"...
So perhaps we should encrypt swap by default with random key, and
reuse same code for swsusp...
> > -- pavel. Sent from mobile phone. Sorry for poor formatting.
>
> The only remark I do have here is that swsusp would then depend on
> crypto so the swsusp encryption should be a config option.
Yes. Not evereyone has so fast CPU that encryption is NOP.
Pavel
--
Boycott Kodak -- for their patent abuse against Java.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
