Bug#452590: loop-aes-utils: adding swap support to root fs on loop support
Will Ashford
ashinberry at gmail.com
Mon Mar 17 22:01:10 UTC 2008
Hi Max,
On Fri, Mar 14, 2008 at 12:22 PM, Max Vozeler <xam at debian.org> wrote:
> I've just rediscovered your bug report - sorry for
> taking so long to reply.
Not a problem, thanks for following up.
> Could you describe what your (current or envisaged)
> setup looks like?
My perfect setup would consist of two entries in /etc/fstab. One
describing the rootfs (which works well), the other similarly
describing the swap partition. I would be able to specify different
keys for each partition and possibly encrypt each key with a different
passphrase.
> I have to admit that I've never used uswsusp. I'm
> happy to work on it, but I will probably need your help
> to get a better understanding of what it requires.
I'm new to uswsusp as well, I've previously used the suspend2 (now
tux-on-ice) kernel patches. Both of these projects write their
hibernation data to the swap partition and install hooks into the
initramfs to check for a special hibernation signature indicating the
presence of hibernation data. If hibernation data is present they
interrupt the normal boot process and load the hibernation data into
memory before passing off execution to the freshly restored system.
> It seems to me like it should work to look up the
> swap partition in /etc/fstab, include any referenced
> key files, and then just losetup the device during
> boot before uswsusp runs?
So far as I understand it that should work just fine. There may be a
special case of swap/root interaction however. If the system is
hibernated with the root partition's keys in memory I believe those
keys would be restored correctly on resume (hence the importance of
encrypted swap to avoid leaking key material to disk). I don't know
how this would interact with the swap partition's keys, should the
initramfs losetup swap, check for potential resume, then losetup root
if not? I haven't experimented at all but I have a spare machine that
could be used for this.
Thanks!
Will
More information about the Pkg-loop-aes-maint
mailing list