Re: [dm-devel] [PATCH 3/3] dm-crypt: Adds support for wiping key when doing suspend/hibernation
From: Alasdair G Kergon <agk@redhat.com>
Date: 2015-04-07 13:55:58
Also in:
dm-devel, linux-pm, lkml
From: Alasdair G Kergon <agk@redhat.com>
Date: 2015-04-07 13:55:58
Also in:
dm-devel, linux-pm, lkml
On Sun, Apr 05, 2015 at 07:20:19PM +0200, Pali Rohár wrote:
This patch adds dm message commands and option strings to optionally wipe key from dm-crypt device before entering suspend or hibernate state.
Try to avoid 0/1 - use descriptive options instead.
E.g. key wipe_on_hibernation / key retain_on_hibernation (message)
wipe_key_on_hiberation ('dmsetup table' - don't forget the reporting interface!)
Have you tested against every state the driver might be in at the time of
suspend/hibernation?
+static void crypt_suspend_and_wipe_key(struct crypt_config *cc)
+{
+ dm_suspend_md(dm_table_get_md(cc->ti->table));I'm not particularly keen on this - silently ignoring expected error states like -EINVAL rather than checking first and not calling the function at all when it's known not to be needed. Alasdair