Hi, This patch updates the HOWTO to reflect the recent changes including the switch to libgcrypt. It also changes the Makefile so that it's possible to install s2disk alone (ie. without s2ram and s2both) and so that existing configuration file is not overwritten when a new is installed.
Comments welcome. Greetings, Rafael -- HOWTO | 449 ++++++++++++++++++++++++++++++++++++++++----------------------- Makefile | 15 +- 2 files changed, 304 insertions(+), 160 deletions(-) Index: suspend/HOWTO =================================================================== --- suspend.orig/HOWTO 2006-07-19 17:23:54.000000000 +0200 +++ suspend/HOWTO 2006-07-21 15:46:26.000000000 +0200 @@ -3,124 +3,221 @@ Suspend to disk HOWTO Copyright (C) 2006 Pavel Machek <[EMAIL PROTECTED]> Copyright (C) 2006 Rafael J. Wysocki <[EMAIL PROTECTED]> + I. Quick start -You'll need the 2.6.17-rc1 kernel or above, or a recent -mm kernel. It has to -be configured to support software suspend. It is also recommended to configure it to -support RAM disks, initial RAM disks, loopback block devices, and the ext2 filesystem. +1) Necessary items -You'll also need /dev/snapshot for the suspend tool to work: +(a) This package +(b) Linux kernel supporting the swsusp userland interface (2.6.17 or above) +(c) Swap partition, approximately as big as 1/2 of RAM +(d) Special device file for the snapshot device (character, 10, 231), e.g. crw-r--r-- 1 root root 10, 231 Jan 13 21:21 /dev/snapshot -For compression, you'll additionally need the Marc Lehmann's libLZF library -to be installed on your system, and for encyption you'll need OpenSSL. +(e) [optionally] Marc Lehmann's libLZF library (for image compression) +(f) [optionally] libgcrypt (for image encryption) + +2) Basic steps + +(a) Configure, build and install the kernel + +The kernel has to be configured to support software suspend. It is also +highly recommended to configure it to support RAM disks, initial RAM disks, +loopback block devices, and the ext2 filesystem, at least for initial testing. +Later on, you can use initramfs instead of initrd (please see Section II of +this document for details). + +If you already use initrd or initramfs, you'll need to integrate the resume +binary with it eventually. However, it's better to postpone this until you +have verified that the suspend utilities work on your system. Thus it is +recommended to initially build the kernel with all of the drivers needed to +mount the root filesystem (most importantly the drivers needed to access +your hard disk drive) compiled in. Then, you will only need the initrd to run +the resume binary itself and you will be able to use the resume initrd +installation script provided in this package. + +The kernel installation procedure will depend on what Linux distribution +you use and should be documented elsewhere. + +(b) [optionally] Install the Marc Lehmann's libLZF library + +If you want to use the image compression functionality and libLZF it's not +installed on your system, download the tarball from +http://www.goof.com/pcg/marc/liblzf.html, unpack it, go to the directory +containing the source and run + +$ ./configure +$ make + +Next, become root and run + +# make install + +[This will put the lzf.h file into /usr/local/include, the library +into /usr/local/lib, and the lzf binary into /usr/local/bin.] + +(c) [optionally] Install libgrypt + +If you want to use the image encryption functionality of the suspend +tools, you'll need libgcrypt to build them. If you have installed +GnuPG, libgcrypt is present on your system, but you'll also need +the development package for it. + +On a SUSE system you can verify if the package has been installed by running + +$ rpm -q libgcrypt-devel + +and it should give you the version of the package if so (there are similar +methods for any other distribution). If not, you'll need to install it. + +The majority of modern Linux distributions provide a binary package with it +and you should install it in a way that's appropriate for your distribution. +Still, if your distribution doesn't provide the binary package, you can refer +to the documentation at http://www.gnupg.org/ for installation instructions. + +(d) Configure, build and install the suspend utilities + +- Edit Makefile and the conf/suspend.conf file to reflect the configuration +of your system (please refer to Section II of this document for details). The +value of the RESUME_DEVICE constant in Makefile must be the same as the value +of the "resume device" parameter in the configuration file and it must be the +full path of a swap partition device file (eg. /dev/hda3). -First, edit Makefile and the conf/suspend.conf file to reflect the -configuration of your system. The value of the RESUME_DEVICE constant in Makefile -must be the same as the value of the "resume device" parameter in the configuration -file and it must be the full path of your suspend swap partition device file. - -There should be just one resume partition, for now. You'll need at most 1/2 of -your RAM of free space on it, but in some cases it may be smaller, too. The suspend -tool may be configured to create quite small snapshot images but then some contents -of the RAM will have to be swapped out before suspend. +[There should be just one resume partition, for now. You'll need at most 1/2 +of your RAM of free space on it, but in some cases it may be smaller, too. +The s2disk tool may be configured to create quite small snapshot images but +then some contents of the RAM will have to be swapped out before suspend.] -Next, build the userspace tools in the usual way: +- Build the suspend tools in the usual way: -$ make suspend +$ make s2disk $ make resume -To install the suspend tool, become root and run: +- To install the s2disk tool, become root and run: -# make install-suspend +# make install-s2disk -The installation procedure for the resume tool depends on whether you use an initrd -or an initramfs, or nothing. +This will also create the snapshot device file in /dev/, if needed. -If you don't use either, you'll need an initrd to run the resume tool. It's not -anything to worry about, though. Become root, run: +- To create and install an initrd image containing the resume binary, become +root and run: # make install-resume-initrd -and add the following line to the GRUB configuration file (right after your -kernel configuration): +This will place the file resume-initrd in the /boot directory. - initrd (hd0,0)/resume-initrd +[If you already use an initrd or initramfs, the resume binary will need to be +integrated with it, but initially it's better to use a separate "resume" +initrd image. Unfortunately the procedure of installing the resume binary +in the exsiting initrd or initramfs image depends on the Linux distribution +used, but one exaple is given at the end of Section II.] -where (hd0,0) should be replaced with the identification of your boot partition -(please refer to the GRUB documentation for details). -[In fact this will work if you have a separate boot partition. If you don't, -the line you should add to the GRUB configuration file is: +You will also need to make the kernel use the resume initrd image. +Unfortunately this depends on the Linux distribution too, but if you +use GRUB and the entry in the GRUB configuration file (usually +/boot/grub/menu.lst) corresponding to your newly installed kernel is similar +to following one: - initrd (hd0,0)/boot/resume-initrd +title Linux (2.6.18-rc2) + root (hd0,0) + kernel /vmlinuz-2.6.18-rc2 root=/dev/md1 vga=792 ... -where (hd0,0) should be replaced with the identification of your root partition.] -If you use LILO, please refer to its documentation for the information related to -initrd files. +where "..." represents some additional kernel command line options, you will +only need to add the line: -If you use an initrd already, you should know how to put the resume binary into it. -Also, you ought to have a linuxrc script or binary on the initrd, so you'll need to -make it execute the resume binary at the very end. + initrd /resume-initrd -If you use an initramfs, it depends on whether you use initramfs-tools or yaird. -Again, you need to put the resume binary in it and ensure the initialisation script -executes it. For yaird, instructions and a patch are given at the end of section II. +right next to the "kernel" line. -To suspend-to-disk, run +[The paths in the above example correspond to the situation in which there is +a separate boot partition. However, if the /boot directory is located in the +root partition, the only difference will be the appearance of /boot in the +paths, e.g. -./suspend +title Linux (2.6.18-rc2) + root (hd0,0) + kernel /boot/vmlinuz-2.6.18-rc2 root=/dev/md1 vga=792 ... + initrd /boot/resume-initrd -[Warning: some shells have "suspend" built in command, so specifing -exact path like ./suspend is more important than usual.] +where we have shown the complete configuration. The (hd0,0) identifies the +partition that GRUB will use to read the kernel and the initrd image from, +but please refer to the GRUB documentation for more details.] -Suspend is easy, resume is slightly harder. Resume application has to -be run without any filesystems mounted rw, and without any journalling -filesystems mounted at all, preferably from initrd (but read-only ext2 -should do the trick, too). However, if you have followed the instructions above, -the resume tool should be started automatically when the kernel boots. +(e) To suspend to disk, run -If you prefer to run resume manually, it is also easy +# s2disk -./resume +NOTE: For this to work you must be running _exactly_ the same kernel that +will be used for resuming. Otherwise the kernel will refuse to accept the +suspend image. -but you MUST ensure not to mount any filesystems rw and any journaled filesystems -at all before that. Otherwise you can lose data. +To resume, just boot the kernel you were running when the image was created +and if the initrd is properly installed, the resume tool will be run +automatically out of it. -II. Installation +II. Installation of suspend tools -1) For compression you'll need the Marc Lehmann's libLZF library. If it's not installed -on your system, download the tarball from http://www.goof.com/pcg/marc/liblzf.html, -unpack it, go to the directory containing the source and run +1) Kernel configuration -$ ./configure -$ make +(a) The kernel must support the swsusp userland interface, so it's most +recommended to use the 2.6.17 kernel or above. -Next, become root and run +(b) The kernel has to be configured to support software suspend, i.e. +the kernel configuration file (.config) has to contain +CONFIG_SOFTWARE_SUSPEND=y -# make install +(c) The kernel should be configured with CONFIG_BLK_DEV_INITRD=y, which will +allow you to run the resume binary out of an iniramfs/initrd image. +[It is possible to use the suspend tools without any initramfs/initrd +images, but it's dangerous and will not be documented here.] -[This will put the lzf.h file into /usr/local/include, the library -into /usr/local/lib, and the lzf binary into /usr/local/bin.] +(d) It is recommended to configure the kernel with CONFIG_BLK_DEV_RAM=y and +set CONFIG_BLK_DEV_RAM_SIZE to at lease 2048 Kbytes. [This will make it +possible to use initrd images.] + +(e) It is recommended to configure the kernel with CONFIG_BLK_DEV_LOOP=y, or +the resume initrd installation script provided in this package will not work. +Also the loopback device support may be needed for manual configuration +of the initrd image. + +(f) The automatic resume initrd installation script provided in this package +installs an ext2 filesystem in the initrd image, so the kernel has to be +configure with CONFIG_EXT2_FS=y for it to work. + +(g) For initial testing it's better to compile all of the drivers needed to +mount the root filesystem into the kernel, install the kernel without +an initrd/initramfs, and use the automatically-generated resume initrd +(see below) with it. + +2) Installation of optional packages -For encryption you'll need the OpenSSL library, but it should be installed on your -system anyway. If it is not (highly unlikely), please refer to the documentation at -http://www.openssl.org for installation instructions. +If you want to use the compression and/or encryption capabilities of the +suspend tools, you'll need the Marc Lehmann's libLZF and/or libgcrypt, +respectively. Short instructions related to these packages have been +given in Secion I above. -2) You'll need to compile the suspend and resume tools. To do this run +3) Configuration and compilation of suspend tools -$ make suspend +(a) [optional] If you want to use the compression and/or encryption +capabilities of the suspend tools and you have installed the necessary +packages referred to in subsection 2), you need to set +CONFIG_COMPRESS and/or CONFIG_ENCRYPT in the Makefile to "yes". + +(b) Compile the s2disk and resume binaries by running: + +$ make s2disk $ make resume in the directory where you have placed the sources. -3) Create the configuration file for the suspend tool. Its default name +4) Create the configuration file for the s2disk tool. Its default name is /etc/suspend.conf, but this can be customized by changing CONFIG_FILE -in config.h. It is also possible to specify the configuration file name +in config.h. It is also possible to specify the configuration file name from the command line, by using the -f option, eg. -# ./suspend -f <config_file> +# s2disk -f <config_file> The configuration file must contain the resume device specification, eg. @@ -139,83 +236,107 @@ compress = <y/n> encrypt = <y/n> RSA key file = <path> max loglevel = <ignored> -suspend to both = <y/n> early writeout = <y/n> splash = <y/n> The "image size" parameter may be used to limit the size of the system -snapshot image created by the suspend tool, but it's not mandatory. Namely, -the suspend tool will do its best to limit the image size as required by +snapshot image created by the s2disk tool, but it's not mandatory. Namely, +the s2disk tool will do its best to limit the image size as required by this parameter, but if that's not possible, it will suspend the system anyway, with a bigger image. If "image size" is set to 0, the snapshot image will be as small as possible. -If the "compute checksum" parameter is set to 'y', the suspend and resume +If the "compute checksum" parameter is set to 'y', the s2disk and resume tools will use the MD5 algorithm to verify the image integrity. -If the "compress" parameter is set to 'y', the suspend and resume tools will +If the "compress" parameter is set to 'y', the s2disk and resume tools will use the LZF compression algorithm to compress/decompress the image. -If the "encrypt" parameter is set to 'y', the suspend and resume tools will -use the Blowfish encryption algorithm to encrypt/decrypt the image. If the -"RSA key file" option is also used, the suspend tool will generate a random -key for the Blowfish encryption that will be passed to the resume tool +If the "encrypt" parameter is set to 'y', the s2disk and resume tools will +use the AES encryption algorithm to encrypt/decrypt the image. If the +"RSA key file" option is also used, the s2disk tool will generate a random +key for the AES encryption that will be passed to the resume tool within the image header with the help of the RSA cipher. However, for this -purpose you'll need an additional RSA key file the path to which should -be the value of "RSA key file". For more details refer to section "IV. Advanced -encryption" in this document. - -If the "suspend to both" parameter is set to 'y', the suspend tool will suspend -the box to RAM after the suspend image has been saved to disk. Then, upon -resume, if there's some battery power remaining, the box will be resumed -from RAM and the saved image will be discarded. However, for this to work -the box must be in the suspend to RAM whitelist provided along with the tools. +purpose you will need an additional RSA key file the path to which should +be the value of "RSA key file" parameter. For more details refer to Section +IV ("Advanced encryption") of this document. -If the "early writeout" parameter is set to 'y' is specified, the suspend +If the "early writeout" parameter is set to 'y', the s2disk utility will start syncing the resume device early in the process of writing the image to it. [This has been reported to speed up the suspend on some boxes and eliminates the "fast progress meter and long fsync wait" effect.] -The "splash" parameter is used to make suspend and/or resume use a splash system +The "splash" parameter is used to make s2disk and/or resume use a splash system (when set to 'y'). Currently the bootsplash.org's splash system is supported. The resume tool can use the same configuration file that is used by the -suspend tool, but it will ignore most of the above parameters. It will use the +s2disk tool, but it will ignore most of the above parameters. It will use the value of "suspend loglevel" as the kernel console loglevel during resume. Additionally it will use the value of "max loglevel" as the kernel console loglevel to switch to in -case the resume fails (this parameter is ignored by the suspend tool). +case the resume fails (this parameter is ignored by the s2disk tool). It is not necessary to set "compute checksum = y" and/or "compress = y", and/or "encrypt = y" for the resume tool. The appropriate information related to -these options will be passed to it in the image header by the suspend tool. +these options will be passed to it in the image header by the s2disk tool. However, the resume tool will only use the splash system if "splash = y" is set for it explicitly. -4) You may need to create the snapshot device file: +In order to create the configuration file for s2disk and/or resume, it is +recommended to edit the file suspend.conf in the conf/ subdirectory of the +package source. Then this file will be automatically placed in /etc and +in the resume initrd file by scripts provided in this package. + +5) Install s2disk + +To install the s2disk tool, run: + +# make install-s2disk + +as root. This will place the s2disk binary in the destination directory +defined in Makefile (/usr/local/sbin by default). It will also +create the special device file for the suspend device in /dev, if needed, +and copy the configuration file from the conf/ subdirectory of the source +package to /etc (or somewhere else, depending on the settings in Makefile). +If the configuration file already exists, it will not be overwritten and +a new file with the suffix ".new" appended to its name will be created. + +If CONFIG_ENCRYPT is set to "yes" in Makefile, the suspend-keygen tool +used for generating RSA keys for s2disk (see Section IV of this document +for details) will also be built and installed in the destination directory +specified in Makefile (/usr/local/sbin by default). + +If you don't want to use "make install-s2disk", you can copy the s2disk +binary and the configuration file to wherever you like, but you'll also +need to make sure the snapshot device file is present (if you have set +CONFIG_ENCRYPT=yes in Makefile, you may also need to copy the suspend-keygen +binary to its final destination manually). + +4) Create snapshot device file + +If you don't use "make install-s2disk", you may need to create the snapshot +device file: # mknod /dev/snapshot c 10 231 If the name of this file is equal to SNAPSHOT_DEVICE in swsusp.h, it is not necessary to specify it in the configuration file. -If you use "make install-suspend" to install the suspend tool, it will also -install the configuration file from the conf directory in your /etc -directory and it will create the snapshot device file for you if it's not present. - -Now you should be able to use the suspend tool. It is recommended, however, +Now you should be able to use the s2disk tool. It is recommended, however, to put the tool into a directory located directly on the root filesystem, for safe testing. -5) It is recommended to place the resume tool on an initrd or an initramfs. For the -latter, see instructions for yaird under (6) below. For an initrd, this may be done -using "make install-resume-initrd", but I'll describe the full procedure in case -you want to do something in a different way. For simplicity I will only cover the -fastest method of setting it up that will allow you to get the resume tool up and -running quickly. [The described procedure reflects the actions performed by -"make install-resume-initrd".] +5) Install resume + +It is recommended to place the resume tool on an initrd/initramfs image. +For the latter, see instructions for yaird under (6) below. For an initrd, +this may be done using "make install-resume-initrd", but I'll describe the +full procedure in case you want to do something in a different way. For +simplicity I will only cover the fastest method of setting it up that will +allow you to get the resume tool up and running quickly. [The described +procedure reflects the actions performed by "make install-resume-initrd".] (a) Configure the kernel to support RAM disks, initial RAM disks, loopback -block devices, and the ext2 filesystem, and install it. +block devices, and the ext2 filesystem, and install it as described in 1). (b) Create the /initrd directory if it doesn't exist already. @@ -246,42 +367,52 @@ $ /sbin/mke2fs -F -m0 initrd [The initrd filesystem will be mounted as the root filesystem, so the paths with respect to it must be the same as in your "normal" root filesystem.] -(g) Create the proc and etc directories on it (the resume tool will use them), eg. +(g) [optional] If you want to use the RSA encryption mechanism described in +Section IV, you'll need to create the random and urandom device files on the +resume initrd: + +# mknod /dev/random c 1 8 +# mknod /dev/urandom c 1 9 + +(h) Create the proc and etc directories on it (the resume tool will use them), eg. # mkdir /mnt/proc # mkdir /mnt/etc -(h) Copy the resume tool to the initrd filesystem and link it to linuxrc, eg. +(i) Copy the resume tool to the initrd filesystem and link it to linuxrc, eg. # cp resume /mnt/ # cd /mnt # ln -s resume linuxrc -(i) Put the configuration file for the resume tool in the etc directory on +(j) Put the configuration file for the resume tool in the etc directory on the initrd filesystem, eg. # cp /etc/suspend.conf /mnt/etc/ -(j) Unmount the initrd filesystem and move the file containing it to your /boot +(k) Unmount the initrd filesystem and move the file containing it to your /boot directory, eg. # umount /mnt # mv initrd /boot/resume-initrd -(k) In the GRUB configuration file add the initrd to the configuration of the +(l) In the GRUB configuration file add the initrd to the configuration of the newly installed kernel, eg. initrd (hd0,0)/resume-initrd (if you use LILO, please refer to its documentation). -(l) If you already have the resume initrd file which is called resume-initrd +(m) If you already have the resume initrd file which is called resume-initrd and located in the /boot directory, you can install the resume tool on it by using "make install-resume". -(6) For an initramfs made by yaird, you can yaird let load the resume binary. -For this purpose, edit /etc/yaird/Templates.cfg, and find "Template RESUME" -The first few lines should read as follows: +6) Install resume on initramfs with yaird + +For an initramfs made by yaird, you can make yaird load the resume binary. +For this purpose, copy install the resume binary in /usr/local/sbin (for +example) and edit /etc/yaird/Templates.cfg to reflect your configuration. +Namely, find "Template RESUME" in there and make it read as follows: TEMPLATE resume BEGIN FILE "/usr/local/sbin/resume" @@ -305,22 +436,20 @@ The first few lines should read as follo ! fi Here, the two "FILE" lines and the last if-then statement are new. -Furthermore, yaird needs to know what the resume partition is. You can either edit -/etc/yaird/Default.cfg and add that to the RESUME goal, or add an option "resume" -to your swap partition in /etc/fstab, as follows +Furthermore, yaird needs to know what the resume partition is. You can either +edit /etc/yaird/Default.cfg and add that to the RESUME goal, or add an option +"resume" to your swap partition in /etc/fstab, as follows /dev/hda3 none swap sw,resume 0 0 -Finally, resume needs to be where you say it is in Templates.cfg, so do -install --mode=755 resume /usr/local/sbin/ +With all the above done, run yaird (or if you are a lazy Debian user, just +reinstall linux-image-2.6.17-...). -With all the above done, run yaird (or if you are a lazy Debian user, just reinstall -linux-image-2.6.17-...). III. Testing -Before you start using the suspend and resume tools for real, you should test -your setup. For this purpose it's recommended to boot the new kernel with the -"init=/bin/bash" command line argument. Then, the kernel should run bash +Before you start using the s2disk and resume tools for real, you should test +your setup. For this purpose it is recommended to boot the new kernel with +the "init=/bin/bash" command line argument. Then, the kernel should run bash instead of init and you should get a (root) command prompt with the root filesystem mounted read-only and with no other filesystems. @@ -330,49 +459,53 @@ If this happens, mount the sysfs and pro # mount /proc # swapon -a -Next, go to the directory where the suspend tool is and do: +Next, go to the directory where the s2disk tool is and do: -# ./suspend +# ./s2disk If this fails, the tool will return to the command prompt with a (hopefully instructive) message. Otherwise you should be able to see some messages -from it on the screen and finally the progress meter, and the box should be powered -off. If that happens, you can start it again and let the resume utility run -from the initrd. If everything is fine, it will read the image and restore -the system state from it, and you will get the command prompt back. If so, -your setup works. Otherwise there's something wrong and you'll need to find -out what and why. - -The next step is to check whether your device drivers suspend and resume correctly. -To do this, it is reasonable to boot the kernel to the runlevel 2 and run the -suspend tool. If it suspends successfully and the resume tool is able to restore -the system state, the drivers are most probably fine. Otherwise please report -the problem. +from it on the screen and finally the progress meter, and the box should be +powered off. If that happens, you can start it again and let the resume +utility run from the initrd. If everything is fine, it will read the image +and restore the system state from it, and you will get the command prompt +back. If so, your setup works. Otherwise there's something wrong and you'll +need to find out what and why. + +The next step is to check whether your device drivers suspend and resume +correctly. To do this, it is reasonable to boot the kernel to the runlevel 2 +and run the suspend tool. If it suspends successfully, the resume tool is +able to restore the system memory state, and you get the command prompt back, +the drivers are most probably fine. Otherwise please report the problem. + +Finally, you can start X and try to suspend from an xterm. If this works, +you're done. -Finally, you can start X and try to suspend from an xterm. If this works, you're -done. IV. Advanced encryption -If the suspend and resume tools are compiled with the encryption support, the -RSA cipher may be used to pass the Blowfish encryption key from the suspend -tool to the resume tool within the suspend image. This way the suspend tool +If the s2disk and resume tools are compiled with the encryption support, the +RSA cipher may be used to pass the AES encryption key from the s2disk +tool to the resume tool within the suspend image. This way the s2disk tool need not ask the user for a passphrase. -For this purpose you need to generate the RSA key pair using the suspend-keygen tool -provided along with the suspend and resume tools. The output file of suspend-keygen -should be saved as /etc/suspend.key (or something else pointed to by the -"RSA key file =" configuration parameter of suspend). This file contains the public -modulus (n), public exponent (e) and the Blowfish-encrypted private exponent (d) of -the RSA key pair. The RSA private exponent (d) is encrypted with a user-provided -passphrase. +For this purpose you need to generate the RSA key pair using the +suspend-keygen tool provided along with the s2disk and resume tools. The +output file of suspend-keygen should be saved as /etc/suspend.key (or +something else pointed to by the "RSA key file =" configuration parameter of +s2disk). This file contains the public modulus (n), public exponent (e), the +AES-encrypted private exponent (d), the AES-encrypted primes (p), (q) and +the (AES-encrypted) component (u) of the RSA key pair. The components (d), +(p), (q), (u) of the RSA key pair are encrypted with a key derived from a +user-provided passphrase. -Then, the suspend utility will load the contents of this file, generate a random +Then, the s2disk utility will load the contents of this file, generate a random session key (k) and initialization vector (i) for the image encryption and use (n, e) to encrypt these values with RSA. The encrypted (k, i) as well as the contents of the RSA key file will be saved in the image header. -The resume utility will read (n, e) and (encrypted) d as well as (encrypted) (k, i) -from the image header. Then it will ask the user for a passphrase and will -try to decrypt (d) using it. Next, it will use (n, e, d) to decrypt (k, i) needed -for decrypting the image. +The resume utility will read (n, e) and (AES-encrypted) (d, p, q, u) as well +as (RSA-encrypted) (k, i) from the image header. Then it will ask the user +for the passphrase needed to decrypt (d, p, q, u). Next, if the user provides +the right passphrase, the resume tool will decrypt (k, i) needed for decrypting +the image. Index: suspend/Makefile =================================================================== --- suspend.orig/Makefile 2006-07-20 12:20:46.000000000 +0200 +++ suspend/Makefile 2006-07-21 15:07:30.000000000 +0200 @@ -99,19 +99,30 @@ ifdef CONFIG_ENCRYPT suspend-keygen: md5.o keygen.c encrypt.h md5.h $(CC) -Wall -DHAVE_INTTYPES_H -DHAVE_STDINT_H $(CC_FLAGS) md5.o keygen.c -o suspend-keygen $(LD_FLAGS) +install-s2disk: $(S2DISK) suspend-keygen conf/$(CONFIGFILE) + if [ ! -c /dev/snapshot ]; then mknod /dev/snapshot c 10 231; fi + install --mode=755 suspend-keygen $(DESTDIR)$(SUSPEND_DIR) + install --mode=755 $(S2DISK) $(DESTDIR)$(SUSPEND_DIR) + if [ -f $(DESTDIR)$(CONFIG_DIR)/$(CONFIGFILE) ]; then install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR)/$(CONFIGFILE).new; else install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR); fi + install-suspend: $(S2DISK) $(S2BOTH) suspend-keygen conf/$(CONFIGFILE) if [ ! -c /dev/snapshot ]; then mknod /dev/snapshot c 10 231; fi install --mode=755 suspend-keygen $(DESTDIR)$(SUSPEND_DIR) install --mode=755 $(S2DISK) $(DESTDIR)$(SUSPEND_DIR) install --mode=755 $(S2BOTH) $(DESTDIR)$(SUSPEND_DIR) - install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR) + if [ -f $(DESTDIR)$(CONFIG_DIR)/$(CONFIGFILE) ]; then install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR)/$(CONFIGFILE).new; else install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR); fi install --mode=755 s2ram $(DESTDIR)$(SUSPEND_DIR) else +install-s2disk: $(S2DISK) conf/$(CONFIGFILE) + if [ ! -c /dev/snapshot ]; then mknod /dev/snapshot c 10 231; fi + install --mode=755 $(S2DISK) $(DESTDIR)$(SUSPEND_DIR) + if [ -f $(DESTDIR)$(CONFIG_DIR)/$(CONFIGFILE) ]; then install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR)/$(CONFIGFILE).new; else install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR); fi + install-suspend: $(S2DISK) $(S2BOTH) conf/$(CONFIGFILE) if [ ! -c /dev/snapshot ]; then mknod /dev/snapshot c 10 231; fi install --mode=755 $(S2DISK) $(DESTDIR)$(SUSPEND_DIR) install --mode=755 $(S2BOTH) $(DESTDIR)$(SUSPEND_DIR) - install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR) + if [ -f $(DESTDIR)$(CONFIG_DIR)/$(CONFIGFILE) ]; then install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR)/$(CONFIGFILE).new; else install --mode=644 conf/$(CONFIGFILE) $(DESTDIR)$(CONFIG_DIR); fi install --mode=755 s2ram $(DESTDIR)$(SUSPEND_DIR) endif ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Suspend-devel mailing list Suspend-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/suspend-devel
