Re: [swsusp] encrypt suspend data for easy wiping

Wed, 06 Jul 2005 05:14:50 -0700 

Hi!

> > To prevent data gathering from swap after resume you can encrypt the
> > suspend image with a temporary key that is deleted on resume. Note
> > that the temporary key is stored unencrypted on disk while the system
> > is suspended... still it means that saved data are wiped from disk
> > during resume by simply overwritting the key.
> 
> hm, how useful is that?  swap can still contain sensitive userspace
> stuff.

At least userspace has chance to mark *really* sensitive stuff as
unswappable. Unfortunately that does not work against swsusp :-(.

[BTW... I was thinking about just generating random key on swapon, and
using it, so that data in swap is garbage after reboot; no userspace
changes needed. What do you think?]

> Are there any plans to allow the user to type the key in on resume?

Plans... ;-).

> > +Encrypted suspend image:
> > +------------------------
> > +If you want to store your suspend image encrypted with a temporary
> > +key to prevent data gathering after resume you must compile
> > +crypto and the aes algorithm into the kernel - modules won't work
> > +as they cannot be loaded at resume time.
> 
> Why not just `select' the needed symbols in Kconfig?  It makes
> configuration much easier for the user.
> 
> > +   if(!*tfm) {
> > +   if(sizeof(key) < crypto_tfm_alg_min_keysize(*tfm)) {
> > +   if (mode) {
> 
> Coding style nit: please use a single space after `if'.
> 
> > +fail:      crypto_free_tfm(*tfm);
> > +out:       return error;
> 
> We conventionally insert a newline directly after labels.
> 
> > +#ifdef CONFIG_SWSUSP_ENCRYPT
> > +#ifdef CONFIG_SWSUSP_ENCRYPT
> > +#ifdef CONFIG_SWSUSP_ENCRYPT
> > +#ifdef CONFIG_SWSUSP_ENCRYPT
> > +#ifdef CONFIG_SWSUSP_ENCRYPT
> > +#ifdef CONFIG_SWSUSP_ENCRYPT
> > +#ifdef CONFIG_SWSUSP_ENCRYPT
> > +#ifdef CONFIG_SWSUSP_ENCRYPT
> > +#ifdef CONFIG_SWSUSP_ENCRYPT
> 
> err, no.  Please find a way to reduce the ifdeffery.

Andreas, these are yours.
                                                                Pavel
-- 
teflon -- maybe it is a trademark, but it should not be.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to