[dm-crypt] Dmcrypt and hibernate key disclosure

Arno Wagner arno at wagner.name
Fri Jan 7 03:49:11 CET 2011

On Fri, Jan 07, 2011 at 09:40:09AM +0800, Aaron Lewis wrote:
> Hi,
> 	If i hibernate with an device opened , before i resume , an image was
> written on swap partition , will there be a problem with my secret key's
> disclosure ?
> 	Just an off-line attack , if swap is not encrypted.
> 	And is there any suggestion for this special operation ? Because my
> root partition is also encrypted , so i can't simply close that device
> before hibernation took place.
> 	Thanks.

Did a Google search and ended up at something I said here some
time ago that did not really help ;-)

First, I do not know for sure how hibernation works. I never 
used it. What I could find out, is that hobernation does
shut down the computer and boots it up into an image of
the pre-hibernation state instead of going through the 
normal boot sequence.

As fas as I can tell, all suspend methods do store all 
used memory pages to swap, and that definitely includes 
the kernel pages with the disk encryption keys.

Now, with uncencrypted swap, that clearly exposes the keys.
There seems to be an option to encrypt swap with a temporary 
key that gets wiped after resume. This way the encryption keys
would be exposed during hibernation, but not after wakeup.
It seems that with the swsup hibernation method that may
be default behaviour. Some explanation here:


The other option would be to modify the resume process to
ask you for the passphrase to the swap partition. I don't 
know whether that is possible. It seems to me that there
is actually no software hook or script thet gets executed
during resume, but that it is a full kernel-internal
operation. I also see no reference to a possibility to pass
swap encryption keys to the kernel. In this case, there is 
no way around the exposure during hibernate.

I see a possible alternate way to do this. Use a virtualized
environment for your system and suspend that to a device 
encrypted by the base system. Then you can hibernate the 
virtualized system, do a normal shutdown and reboot of the 
base system, configure the encrypted filesystem and unsuspend 
the virtual machine from it. I do that with a virtual
machine for working on confidential data. More effort, but 
suspend to disk (=hibernation) and security do not really mix.

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list