[dm-crypt] Verify LUKS password
arno at wagner.name
Tue Nov 29 19:17:44 CET 2011
On Tue, Nov 29, 2011 at 06:40:18PM +0100, Yves-Alexis Perez wrote:
> On mar., 2011-11-29 at 18:31 +0100, Arno Wagner wrote:
> > If you actually want to remove the LUKS mapping (i.e. "close" the
> > LUKS container) when the screen safer engages and remap the LUKS
> > container when the screensaver is unlocked, then this is complicated.
> > It mau also not be what you want, given that unmapping the LUKS
> > container with open files is eiter not possible or can result in
> > arbitrary data corruption (I have not tried it). So you would
> > need to do something like this on screenlocker-engage:
> > 1. Determine all open files in the LUKS container
> > 2. Terminate all applications that have these files open
> > 3. Unmount the LUKS container and verify it did unmount.
> > If unmount fails, go to 1. (An application could have opened
> > a file in between...) Maybe you can also do a ro remount first.
> > 4. Unmap the LUKS container.
> > Now, this would need to be somehow script-driven from the
> > screensaver. Whether automated application clsoe is a good idea
> > depends very much on the situation and is generally _not_ a good
> > idea.
> What about luksSuspend operation?
Well, maybe. If _all_ used applications can deal with
I/O calls to take forever.
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt