Guilhem Moulin <guil...@debian.org> wrote on Sun, 31 Dec 2023 at 21:50:
>
> On Sun, 31 Dec 2023 at 21:22:36 +0800, YunQiang Su wrote:
> >> Is there any reason to not just use systemd-cryptenroll?
> >
> > Yes. I tried to use systemd-cryptenroll, while it cannot work with
> > cryptsetup-suspend.
> > I need a way to suspend or hibernate without disks decrypted.
>
> Seems like this should be a wishlist bug against cryptsetup-suspend not
> an ITP. I don't foresee any reason why this wouldn't work once #1023700
> and #1031254 are fixed.
>

systemd-cryptsetup doesn't have suspend support.
cryptsetup-suspend will fail. I tried with "systemd-cryptsetup
detach", but it is not allowed for a system in use.

> > The passphrase is stored in /var/cache, and switch_root will clean
> > all of them, so I guess it won't leak.
>
> The partition might be backed by plain-text drives or similar, so it
> can't be used to write sensitive data.
>

This script will only be in initramfs, so /var/cache will always be a ramfs.

> --
> Guilhem.
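
The exchange above turns on whether /var/cache is RAM-backed at the moment the passphrase is written. As an added example (not part of the thread or of the proposed package), this script checks that from a /proc/mounts-format table before anything is cached; the function names and the sample mount tables are constructed for illustration.

```sh
#!/bin/sh
# Added example: check that a passphrase cache directory is RAM-backed.

# fstype_of DIR  (mount table in /proc/mounts format on stdin)
# Print the filesystem type of the mount containing DIR. The longest
# matching mount point wins; on a tie the later (topmost) entry wins.
# Assumes mount points without spaces (the kernel escapes those as \040).
fstype_of() {
    dir=$1 best_len=-1 best_type=
    while read -r _dev mnt type _rest; do
        case "$dir/" in
            "${mnt%/}/"*)
                if [ "${#mnt}" -ge "$best_len" ]; then
                    best_len=${#mnt} best_type=$type
                fi ;;
        esac
    done
    [ -n "$best_type" ] || return 1
    printf '%s\n' "$best_type"
}

# is_ram_backed DIR  (mount table on stdin)
# rootfs is the initramfs root, itself a ramfs or tmpfs instance.
# tmpfs is accepted too, but unlike ramfs its pages can reach swap.
is_ram_backed() {
    case "$(fstype_of "$1")" in
        ramfs|tmpfs|rootfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample tables, not captured from a real machine.
sample_initramfs_mounts() { cat <<'EOF'
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
EOF
}
sample_booted_mounts() { cat <<'EOF'
/dev/mapper/root / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
EOF
}

sample_initramfs_mounts | is_ram_backed /var/cache &&
    echo "initramfs: /var/cache is RAM-backed"
sample_booted_mounts | is_ram_backed /var/cache ||
    echo "booted system: /var/cache is on disk, do not cache a passphrase there"
```

On a live system the same check is `is_ram_backed /var/cache < /proc/mounts`.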