[dm-crypt] Dmcrypt and hibernate key disclosure

Milan Broz mbroz at redhat.com
Tue Jan 11 11:31:37 CET 2011


On 01/11/2011 10:11 AM, Arno Wagner wrote:
> On Tue, Jan 11, 2011 at 01:08:16AM +0100, Richard wrote:
>> On Fri, Jan 07, 2011 at 09:40:09AM +0800, Aaron Lewis wrote:
>>> Hi,
>>> 	If i hibernate with an device opened , before i resume , an image was
>>> written on swap partition , will there be a problem with my secret key's
>>> disclosure ?
>>>
>>> 	Just an off-line attack , if swap is not encrypted.
>>
>> swap must be encrypted. Works nicely on Fedora, one boot partition and a
>> big encrypted dm0 device with several LVM partitions on top of it.
>>
> 
> Well, if you are not asked for the swap encryption key on
> wakeup, basically everything is open. That would be a rather 
> obvious implementation error though.
> 
> If you get asked, then it depends on the implementation, but
> they do have the right idea.

Sorry I do not follow this thread but Fedora uses by default 
(= "encrypt the whole system" checkbox in installer) unencrypted
boot partition (where initramdisk resides) and LUKS encrypted PV on
the second partition, on top of it is root and swap LVs.
(So the whole system is encrypted except boot initramfs.)

The same is quite common in other distros too.

During boot, initramfs must ask for passphrase to PV, the same for hibernate
(suspend to disk - ram image is stored to swap partition LV).

What is not safe is suspend to RAM. Maybe someone should start to use
luksSuspend to at least clear encryption key from memory but it is not
as easy implement as it seems:)

Btw do not afraid of LVM in this scheme - mapping is just linear, so
the only mapping operation in kernel is adding offset and switching device
so there should be no measurable performance problem (there is no cache
or so).

Milan


More information about the dm-crypt mailing list