Bug 185471 - kernel dm crypt: Provide a mechanism to clear key while device suspended
kernel dm crypt: Provide a mechanism to clear key while device suspended
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.0
All Linux
low Severity medium
: ---
: ---
Assigned To: Milan Broz
Brian Brock
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-14 18:13 EST by Alasdair Kergon
Modified: 2013-02-28 23:04 EST (History)
2 users (show)

See Also:
Fixed In Version: beta2
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-22 18:44:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Alasdair Kergon 2006-03-14 18:13:49 EST
Say you have a laptop with a filesystem on a block device encrypted using dm-crypt.

When you suspend the laptop, your encryption key is still held in RAM (or on
disk if suspended to disk).  It would be better if the key could be removed from
memory before the suspension so it has to be re-entered when the machine is awoken.

Currently you can't do this without unmounting the filesystem first.
A simple enhancement should be made to core device-mapper and the crypt target
to support this.

For example, we could add a flag to the dm 'suspend' ioctl to remove the table.
Comment 3 Daniel Riek 2006-09-29 08:02:28 EDT
Milan, can you please verify if that patch is in 2.6.18?
Comment 7 Don Zickus 2006-10-10 21:48:55 EDT
in kernel-2.6.18-1.2725.el5
Comment 8 Daniel Riek 2006-11-20 14:03:25 EST
PM ACK (as it is in)
Comment 9 RHEL Product and Program Management 2006-12-22 18:44:14 EST
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.

Note You need to log in before you can comment on or make changes to this bug.