On Thu, Oct 19, 2017 at 04:37:54PM -0400, Daniel Kahn Gillmor wrote: > suspend-to-disk > --------------- > If the user suspends to disk, then the memory will be written to disk.
even if the user suspends to RAM, the key will stay in memory, which is can be pretty bad (as it can be taken from there via hardware tools). so the idea came up to create a small chroot in memory, unmount the disk on suspend, throw away they key and chroot in there. Then upon resume they ey needs to be entered again, to unlock the disk. See these URLs for more information on this: https://github.com/QubesOS/qubes-issues/issues/2890 https://askubuntu.com/questions/95625/suspend-to-ram-and-encrypted-partitions https://github.com/jonasmalacofilho/ubuntu-luks-suspend I'd love to see this for Debian! -- cheers, Holger
signature.asc
Description: PGP signature
