This is a solvable security issue, not something that users ought to
just deal with. The solution is to dump the key from RAM on suspend and
to NOT write it to disk on Hibernate, and to ask the user to unlock the
disk on resume. Disk encryption is useless on machines that get
suspended or hibernated without this solution. At the absolute least,
there should be a massive, all-caps warning to users during installation
that their disk is NOT PROTECTED if they suspend or hibernate. I believe
this should be converted back into a bug and dealt with.
** Changed in: ubuntu
Status: Invalid => Opinion
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/937361
Title:
LUKS encryption keys are not dumped on suspend/hibernate
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/937361/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
