Thread (51 messages) 51 messages, 9 authors, 2016-12-27

Re: [dm-devel] [PATCH 3/3] dm-crypt: Adds support for wiping key when doing suspend/hibernation

From: Alasdair G Kergon <agk@redhat.com>
Date: 2015-04-07 13:55:58
Also in: dm-devel, linux-pm, lkml

On Sun, Apr 05, 2015 at 07:20:19PM +0200, Pali Rohár wrote:
This patch adds dm message commands and option strings to optionally wipe key
from dm-crypt device before entering suspend or hibernate state.
 
Try to avoid 0/1 - use descriptive options instead. 
E.g. key wipe_on_hibernation / key retain_on_hibernation  (message)
     wipe_key_on_hiberation ('dmsetup table' - don't forget the reporting interface!)

Have you tested against every state the driver might be in at the time of
suspend/hibernation?
+static void crypt_suspend_and_wipe_key(struct crypt_config *cc)
+{
+	dm_suspend_md(dm_table_get_md(cc->ti->table));
I'm not particularly keen on this - silently ignoring expected error states
like -EINVAL rather than checking first and not calling the function at all
when it's known not to be needed.

Alasdair
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help