The following patches allow for encryption of the on-disk swsusp image to prevent data gathering of e.g. in-kernel keys or mlocked data after resume.
For this purpose the aes cipher must be compiled into the kernel as module load is not possible at resume time. A random key is generated at suspend time, stored in the suspend header on disk and deleted from the header at resume time. If you don't resume a mkswap on the suspend partition will also delete the temporary key. Only the data pages are encrypted as only these may contain sensitive data. This works on my x86_64 laptop (64bit mode) and probably needs testing on other platforms. -- Andreas Steinmetz SPAMmers use [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
