Hi! > > So we would need to zero out the suspend image in swap to prevent the > > retrieval of this data from the running machine (imagine a > > remote-root-hole). > > > > Zeroing out the suspend image means "write lots of megabytes to the > > disk" which takes a lot of time. > > Zero only the mlocked regions. This should take essentially no time at > all. Swsusp knows which these are because they have to be mlocked
I believe this is tricky to implement. You are free to produce patch, and if that patch is nicer/simpler than Anreas's code, I may consider it. > But this is all solvable without resorting to yet another encrypted > block device scheme. Such a scheme shouldn't even be considered until > all the other options are thoroughly explored. Any scheme that's > encrypting the suspend image and then storing the key in the clear is > either obviously broken or obviously doesn't actually need encryption. Andreas solved real problem. You are waving hands. Obviously your next mail should contain a patch. Pavel -- Boycott Kodak -- for their patent abuse against Java. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/