[dm-crypt] Dmcrypt and hibernate key disclosure
heiko.rosemann at web.de
Sat Jan 8 12:53:10 CET 2011
On 01/08/11 05:45, Bryan Kadzban wrote:
> Arno Wagner wrote:
>>>> It seems to me that there is actually no software hook or script
>>>> that gets executed during resume,
>>> From hibernate, there is. It's a normal bootup, including
>>> initramfs, until some string gets written into /sys/power/resume.
>>> There might be restrictions on when this write can happen, but I'm
>>> sure they at least allow some initramfs code to run.
>> Seems I misunderstood the respective kernel parameter then. Or it is
>> an alternative to the mechanism you describe. So writing to
>> /sys/power/resume replaces the current system with the suspended one?
> If you mean the "resume=" kernel command-line parameter, then I am
> fairly sure it will be used by the kernel only in the absence of an
> initramfs. If an initramfs is present, the kernel will do nothing, and
> the initramfs will need to support all options like resume= on its own.
This might be implementation dependent (there is more than one
suspend-to-disk-option for Linux). If a resume2= parameter is present
for tuxonice, the initramfs "only" needs to write "1" to
Encrypt e-mails with PGP - privacy is your right!
My PGP key for verification: http://pgp.mit.edu