    [PATCH] encrypt suspend data for easy wiping · c2ff18f4
    Andreas Steinmetz authored
    The patch protects from leaking sensitive data after resume from suspend.
    During suspend a temporary key is created and this key is used to encrypt the
    data written to disk.  When, during resume, the data was read back into memory
    the temporary key is destroyed which simply means that all data written to
    disk during suspend are then inaccessible so they can't be stolen later on.
    
    Think of the following: you suspend while an application is running that keeps
    sensitive data in memory.  The application itself prevents the data from being
    swapped out.  Suspend, however, must write these data to swap to be able to
    resume later on.  Without suspend encryption your sensitive data are then
    stored in plaintext on disk.  This means that after resume your sensitive data
    are accessible to all applications having direct access to the swap device
    which was used for suspend.  If you don't need swap after resume these data
    can remain on disk virtually forever.  Thus it can happen that your system
    gets broken into weeks later and sensitive data which you thought were encrypted
    and protected are retrieved and stolen from the swap device.
    Signed-off-by: Andreas Steinmetz <ast@domdv.de>
    Acked-by: Pavel Machek <pavel@suse.cz>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
swsusp.c 35.1 KB
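
The scheme the commit message describes, as an added user-space illustration that is not code from this commit or from swsusp.c: the image is encrypted under a temporary key, decrypted on resume, and the key is then destroyed so the copy left on swap is unreadable. Assumptions: the caller supplies a freshly generated random key, XTEA in counter mode stands in for whatever cipher the kernel patch uses, and `suspend_cycle`, `image_crypt` and `PAGE` are hypothetical names.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample standing in for a memory page that holds a secret. */
static const uint8_t PAGE[] = "user=alice passphrase=constructed-sample-secret";

/* XTEA block encryption, 32 rounds: a small stand-in cipher chosen for this
 * example only; the commit message does not name the kernel's cipher. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Counter mode: XOR buf with a keystream; the same call decrypts. */
static void image_crypt(uint8_t *buf, size_t len, const uint32_t key[4])
{
    for (size_t off = 0; off < len; off += 8) {
        uint32_t ctr[2] = { (uint32_t)(off / 8), 0 };
        xtea_encrypt(ctr, key);
        for (size_t i = 0; i < 8 && off + i < len; i++)
            buf[off + i] ^= ((const uint8_t *)ctr)[i];
    }
}

/* Hypothetical helper: one suspend/resume cycle with a temporary key.
 * Returns flags: 1 = swap held plaintext, 2 = resume restored the page,
 * 4 = stale swap still decrypts after the key was destroyed. */
int suspend_cycle(uint32_t key[4])
{
    uint8_t swap[sizeof PAGE], ram[sizeof PAGE];
    int flags = 0;

    memcpy(swap, PAGE, sizeof PAGE);       /* suspend: image written to swap */
    image_crypt(swap, sizeof swap, key);   /* ...encrypted under the temp key */
    if (memcmp(swap, PAGE, sizeof PAGE) == 0) flags |= 1;

    memcpy(ram, swap, sizeof swap);        /* resume: read back, decrypt */
    image_crypt(ram, sizeof ram, key);
    if (memcmp(ram, PAGE, sizeof PAGE) == 0) flags |= 2;

    memset(key, 0, 4 * sizeof key[0]);     /* destroy the temporary key */
    memcpy(ram, swap, sizeof swap);        /* later read of the stale swap */
    image_crypt(ram, sizeof ram, key);
    if (memcmp(ram, PAGE, sizeof PAGE) == 0) flags |= 4;
    return flags;
}
```

The counter restarts at zero for every image, so this construction is only sound because the key is used for a single suspend and never reused; production code should also wipe the key with a routine the compiler cannot optimise away.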