[dm-crypt] Verify LUKS password

Arno Wagner arno at wagner.name
Tue Nov 29 19:17:44 CET 2011


On Tue, Nov 29, 2011 at 06:40:18PM +0100, Yves-Alexis Perez wrote:
> On mar., 2011-11-29 at 18:31 +0100, Arno Wagner wrote:
> > If you actually want to remove the LUKS mapping (i.e. "close" the
> > LUKS container) when the screen safer engages and remap the LUKS
> > container when the screensaver is unlocked, then this is complicated.
> > It mau also not be what you want, given that unmapping the LUKS
> > container with open files is eiter not possible or can result in
> > arbitrary data corruption (I have not tried it). So you would
> > need to do something like this on screenlocker-engage:
> > 
> > 1. Determine all open files in the LUKS container
> > 2. Terminate all applications that have these files open
> > 3. Unmount the LUKS container and verify it did unmount.
> >    If unmount fails, go to 1. (An application could have opened
> >    a file in between...) Maybe you can also do a ro remount first.
> > 4. Unmap the LUKS container.
> > 
> > Now, this would need to be somehow script-driven from the 
> > screensaver. Whether automated application clsoe is a good idea 
> > depends very much on the situation and is generally _not_ a good 
> > idea.
> > 
> 
> What about luksSuspend operation?

Well, maybe. If _all_ used applications can deal with 
I/O calls to take forever. 

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list