[dm-crypt] Dmcrypt and hibernate key disclosure

Heiko Rosemann heiko.rosemann at web.de
Sat Jan 8 12:53:10 CET 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/08/11 05:45, Bryan Kadzban wrote:
> Arno Wagner wrote:
>>>> It seems to me that there is actually no software hook or script
>>>> thet gets executed during resume,
>>> From hibernate, there is.  It's a normal bootup, including
>>> initramfs, until some string gets written into /sys/power/resume.
>>> There might be restrictions on when this write can happen, but I'm
>>> sure they at least allow some initramfs code to run.
>>
>> Seems I misunderstood the respective kernel parameter then. Or it is
>> an alternative to the mechanism you describe. So writing to
>> /sys/power/resume replaces the current system with the suspended one?
> 
> If you mean the "resume=" kernel command-line parameter, then I am
> fairly sure it will be used by the kernel only in the absence of an
> initramfs.  If an initramfs is present, the kernel will do nothing, and
> the initramfs will need to support all options like resume= on its own.

This might be implementation dependend (there is more than one
suspend-to-disk-option for linux). If a resume2= parameter is present
for tuxonice, the initramfs "only" needs to write "1" to
/sys/power/tuxonice/do_resume.

Regards,
Heiko


- -- 
eMails verschlüsseln mit PGP - privacy is your right!
Mein PGP-Key zur Verifizierung: http://pgp.mit.edu

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0oUCYACgkQ/Vb5NagElAWmfwCeLfsTTpZpJEabKq8VeYSG2Ln2
PPgAoJuAQEluPGKHCiYXWKYAF7ShAdUU
=tKBj
-----END PGP SIGNATURE-----



More information about the dm-crypt mailing list