While I agree with most of what you said in your post, I fail to see the
problem with this one. My laptop has encrypted swap and it poses no
problem when suspending. The disk can be taken out and read, but its
encrypted with a random key that exists only in memory so its harder to
extract. (and if someone can extract my memory, the swap is the least of
my concerns).
Maybe you're talking about hibernation rather than suspension. (when
everything is written to disk and the memory is wiped). In this case,
again, the encrypted swap's key is the least of your concern since all
your memory is written to disk plaintext anyway. If hibernation is
implemented in software, you can have it encrypted too, and require a
user-supplied key upon restarting. If its implemented by the hardware, I
guess there isn't much you can do. Just have the kernel do the
hibernation into an encrypted loopdev and halt the machine.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/