[dm-crypt] Dmcrypt and hibernate key disclosure

iggy at riseup.net iggy at riseup.net
Sat Jan 8 15:55:33 CET 2011


I can verify that this works currently.

I am using Ubuntu 10.10 in the following setup:

Truecrypted Windows partition.

Truecrypted data partition.

Cleartext boot partition with initramfs.

dmcrypt partition w/ LVM containing swap & root.

Suspend and hibernate both work dandy, and the only unencrypted place the
system could put the hibernate file (/boot) doesn't have enough free space
for that, by several times over.  Not that it would try to put it there
anyway.

Maybe I missed something, but why was there a suspicion that this might
not work?

-Iggy


> Arno Wagner wrote:
>> On Thu, Jan 06, 2011 at 08:08:55PM -0800, Bryan Kadzban wrote:
[...]
>> Anyways, experimenting on this would not be that difficult. One thing
>> you would need to verify is that the image in swap is actually
>> encrypted with your swap key.
>
> The last time I tried this (at least 3 years ago, but I don't remember
> when exactly), I had a dm-crypted partition with an LVM PV in it, and
> that PV had one LV for the rootfs and a second for swap.  Hibernate and
> resume (to and from the swap LV) worked fine with the proper initramfs
> support.
>
> I didn't verify that the data was encrypted, but I think it'd be hard to
> have LVM in between swap and dm-crypt, and have the data go through LVM
> but not dm-crypt.  (I believe that it went through LVM because it worked
> after resume, and who knows where the blocks got stuck by the LVM layer.)
>
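
Added example, not part of the original thread: the stacking argument quoted above can be checked from the device tree by confirming that every swap area has a dm-crypt layer somewhere beneath it. The sketch parses `lsblk --json -o NAME,TYPE,FSTYPE` output; the sample JSON and the function name are constructed for illustration, and it verifies layering only, not the on-disk ciphertext.

```python
import json
import subprocess

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE` output (not from the
# thread): sda mirrors the dm-crypt -> LVM -> swap layout described above,
# sdb1 is a plaintext swap partition added to show the failing case.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "ext2"},
    {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "children": [
      {"name": "sda2_crypt", "type": "crypt", "fstype": "LVM2_member", "children": [
        {"name": "vg-root", "type": "lvm", "fstype": "ext4"},
        {"name": "vg-swap", "type": "lvm", "fstype": "swap"}]}]}]},
  {"name": "sdb", "type": "disk", "fstype": null, "children": [
    {"name": "sdb1", "type": "part", "fstype": "swap"}]}
]}
"""


def swap_encryption_report(lsblk_json):
    """Map each swap device to True only if every path to disk crosses dm-crypt."""
    report = {}

    def walk(node, types_below):
        types = types_below + [node.get("type")]
        if node.get("fstype") == "swap":
            # An LV spanning several PVs appears once per PV; one plaintext
            # PV underneath is enough to fail the whole device.
            report[node["name"]] = report.get(node["name"], True) and "crypt" in types
        for child in node.get("children", []):
            walk(child, types)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, [])
    return report


if __name__ == "__main__":
    try:  # live system if lsblk is available, otherwise the constructed sample
        data = subprocess.run(["lsblk", "--json", "-o", "NAME,TYPE,FSTYPE"],
                              capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        data = SAMPLE_LSBLK
    for name, ok in swap_encryption_report(data).items():
        print(f"{name}: {'behind dm-crypt' if ok else 'NOT behind dm-crypt'}")
```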



