Say you have a laptop with a filesystem on a block device encrypted using dm-crypt. When you suspend the laptop, your encryption key is still held in RAM (or on disk if suspended to disk). It would be better if the key could be removed from memory before the suspension so it has to be re-entered when the machine is awoken. Currently you can't do this without unmounting the filesystem first. A simple enhancement should be made to core device-mapper and the crypt target to support this. For example, we could add a flag to the dm 'suspend' ioctl to remove the table.
Milan, can you please verify if that patch is in 2.6.18?
in kernel-2.6.18-1.2725.el5
PM ACK (as it is in)
A package has been built which should help the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you.