Red Hat Bugzilla – Bug 185471
kernel dm crypt: Provide a mechanism to clear key while device suspended
Last modified: 2013-02-28 23:04:19 EST

Say you have a laptop with a filesystem on a block device encrypted using dm-crypt.
When you suspend the laptop, your encryption key is still held in RAM (or on
disk if suspended to disk). It would be better if the key could be removed from
memory before the suspension so it has to be re-entered when the machine is awoken.
Currently you can't do this without unmounting the filesystem first.
A simple enhancement should be made to core device-mapper and the crypt target
to support this.
For example, we could add a flag to the dm 'suspend' ioctl to remove the table.

Milan, can you please verify if that patch is in 2.6.18?

PM ACK (as it is in)

A package has been built which should help the problem described in
this bug report. This report is therefore being closed with a resolution
of CURRENTRELEASE. You may reopen this bug report if the solution does
not work for you.