> The following patches allow for encryption of the on-disk swsusp image > to prevent data gathering of e.g. in-kernel keys or mlocked data after > resume. > For this purpose the aes cipher must be compiled into the kernel as > module load is not possible at resume time. > A random key is generated at suspend time, stored in the suspend header > on disk and deleted from the header at resume time. If you don't resume > a mkswap on the suspend partition will also delete the temporary key. > Only the data pages are encrypted as only these may contain sensitive data. > This works on my x86_64 laptop (64bit mode) and probably needs testing > on other platforms.
What about an option for an user-defined key? One that can be set when suspending? Folkert van Heusden Auto te koop! Zie: http://www.vanheusden.com/daihatsu.php Op zoek naar een IT of Finance baan? Mail me voor de mogelijkheden! +------------------------------------------------------------------+ |UNIX admin? Then give MultiTail (http://vanheusden.com/multitail/)| |a try, it brings monitoring logfiles to a different level! See | |http://vanheusden.com/multitail/features.html for a feature list. | +------------------------------------------= www.unixsoftware.nl =-+ Phone: +31-6-41278122, PGP-key: 1F28D8AE Get your PGP/GPG key signed at www.biglumber.com!
pgpNAtjpp9ckB.pgp
Description: PGP signature