[dm-crypt] Dmcrypt and hibernate key disclosure

Arno Wagner arno at wagner.name
Fri Jan 7 05:39:15 CET 2011


On Thu, Jan 06, 2011 at 08:08:55PM -0800, Bryan Kadzban wrote:
> Arno Wagner wrote:
> > The other option would be to modify the resume process to
> > ask you for the passphrase to the swap partition. I don't 
> > know whether that is possible.
> 
> In an initramfs, I bet it is, though I've never tried it.  Resuming from
> hibernate is handled by writing the major:minor of the block device to
> resume from into the /sys/power/resume file, and I would *guess* that
> the device node can be a device-mapper child (such as dm-crypt or LVM
> would create).
> 
> The issue would be whether the device-mapper setup would have to be the
> same post-resume as it was pre-hibernate.  I expect it would have to be,
> but this is no different from real filesystems; hibernate writes out all
> of RAM, so the kernel recovers all of its pre-hibernate state exactly.
> (Well, except things like the current time.)

And it woyld need to exclude the swap-setup as well or atomically 
change it after reading the image. Bith would be fine for encrypted
swap.

> Of course, whether any given distro's initramfs setup can actually do
> this (assuming it's possible in the kernel) is a different story.  :-)

Indeed. But rolling your own initramfs is not really that difficult.
Or doing without it and just placing a boot-system on a partition
for that matter. I never used an initramfs in my standard 
installations, but I typically build a non-module kernel as well
or one with just modules that do not work well as compiled into
the kernel, such as some wireless drivers.

> > It seems to me that there
> > is actually no software hook or script thet gets executed
> > during resume,
> 
> From hibernate, there is.  It's a normal bootup, including initramfs,
> until some string gets written into /sys/power/resume.  There might be
> restrictions on when this write can happen, but I'm sure they at least
> allow some initramfs code to run.

Seems I misunderstood the respective kernel parameter then. 
Or it is an alternative to the mechanism you describe.
So writing to /sys/power/resume replaces the current system
with the suspended one?

If it is a normal boot, then hibernate (= suspend to disk) to 
encrypted swap and ask for the swap key before the replacement
and set it up via dm-crypt.

> From suspend, there is no hook I know of.  But suspend doesn't normally
> write anything to disk either, so that's fine.

I guess you mean "suspend to RAM" here. Anyways, experimenting
on this would nto be that difficult. One thing you would need to
verify is that the image in swap is actually encrypted with your
swap key. Given that at leas somet suspend-to-disk mechanisms encrypt
themself, this could be a bit tricky.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list