Bug 185471 - kernel dm crypt: Provide a mechanism to clear key while device suspended
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Milan Broz
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2006-03-14 23:13 UTC by Alasdair Kergon
Modified: 2013-03-01 04:04 UTC (History)

Fixed In Version: beta2
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-12-22 23:44:14 UTC
Target Upstream Version:
Embargoed:



Description Alasdair Kergon 2006-03-14 23:13:49 UTC
Say you have a laptop with a filesystem on a block device encrypted using dm-crypt.

When you suspend the laptop, your encryption key is still held in RAM (or on
disk if suspended to disk).  It would be better if the key could be removed from
memory before the suspension so it has to be re-entered when the machine is awoken.

Currently you can't do this without unmounting the filesystem first.
A simple enhancement should be made to core device-mapper and the crypt target
to support this.

For example, we could add a flag to the dm 'suspend' ioctl to remove the table.

Comment 3 Daniel Riek 2006-09-29 12:02:28 UTC
Milan, can you please verify if that patch is in 2.6.18?

Comment 7 Don Zickus 2006-10-11 01:48:55 UTC
in kernel-2.6.18-1.2725.el5

Comment 8 Daniel Riek 2006-11-20 19:03:25 UTC
PM ACK (as it is in)

Comment 9 RHEL Program Management 2006-12-22 23:44:14 UTC
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.


