summaryrefslogtreecommitdiffstats
path: root/kernel/power/Kconfig
diff options
context:
space:
mode:
authorAndreas Steinmetz <ast@domdv.de>2005-09-03 15:56:59 -0700
committerLinus Torvalds <torvalds@evo.osdl.org>2005-09-05 00:06:16 -0700
commitc2ff18f4070f6303a81fd7d9d967d7c9e01b588f (patch)
tree250a50e27885a179d0fee37cef31cf3a4d4627d3 /kernel/power/Kconfig
parent583a4e88db1eadc52116e1f97b4519de655b2b80 (diff)
downloadop-kernel-dev-c2ff18f4070f6303a81fd7d9d967d7c9e01b588f.zip
op-kernel-dev-c2ff18f4070f6303a81fd7d9d967d7c9e01b588f.tar.gz
[PATCH] encrypt suspend data for easy wiping
The patch protects from leaking sensitive data after resume from suspend. During suspend a temporary key is created and this key is used to encrypt the data written to disk. When, during resume, the data was read back into memory the temporary key is destroyed which simply means that all data written to disk during suspend are then inaccessible so they can't be stolen lateron. Think of the following: you suspend while an application is running that keeps sensitive data in memory. The application itself prevents the data from being swapped out. Suspend, however, must write these data to swap to be able to resume lateron. Without suspend encryption your sensitive data are then stored in plaintext on disk. This means that after resume your sensitive data are accessible to all applications having direct access to the swap device which was used for suspend. If you don't need swap after resume these data can remain on disk virtually forever. Thus it can happen that your system gets broken in weeks later and sensitive data which you thought were encrypted and protected are retrieved and stolen from the swap device. Signed-off-by: Andreas Steinmetz <ast@domdv.de> Acked-by: Pavel Machek <pavel@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel/power/Kconfig')
-rw-r--r--kernel/power/Kconfig12
1 files changed, 12 insertions, 0 deletions
diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
index 2c7121d..917066a 100644
--- a/kernel/power/Kconfig
+++ b/kernel/power/Kconfig
@@ -72,6 +72,18 @@ config PM_STD_PARTITION
suspended image to. It will simply pick the first available swap
device.
+config SWSUSP_ENCRYPT
+ bool "Encrypt suspend image"
+ depends on SOFTWARE_SUSPEND && CRYPTO=y && (CRYPTO_AES=y || CRYPTO_AES_586=y || CRYPTO_AES_X86_64=y)
+ default ""
+ ---help---
+ To prevent data gathering from swap after resume you can encrypt
+ the suspend image with a temporary key that is deleted on
+ resume.
+
+ Note that the temporary key is stored unencrypted on disk while the
+ system is suspended.
+
config SUSPEND_SMP
bool
depends on HOTPLUG_CPU && X86 && PM
OpenPOWER on IntegriCloud