add support to ecryptfs-setup-swap for keyed hibernation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eCryptfs |
Won't Fix
|
Wishlist
|
Unassigned | ||
ecryptfs-utils (Ubuntu) |
Won't Fix
|
Wishlist
|
Unassigned | ||
ubiquity (Ubuntu) |
Invalid
|
Wishlist
|
Unassigned |
Bug Description
ecryptfs-setup-swap currently creates entries in /etc/fstab and /etc/crypttab for encrypted swap, in order to increase the security of systems using ecryptfs.
However, in its current implementation, this breaks hibernation support in most cases. The current implementation just creates a randomly generated key each boot for swap space.
The advantage of this approach is that this allows the system to boot unattended, without prompting for a passphrase until system login screens.
However, in the long term, we would like to eventually fix this problem, and cleanly support hibernation to encrypted swap.
As I see it, there are a few approaches...
1) configure encrypted swap using a single static passphrase stored in LUKS, which is required at system boot; this same passphrase would be required to resume the system; this breaks unattended boots, and requires all users on a system to share the same swap passphrase
2) randomly generate the passphrase at boot, but wrap this passphrase using a pam module each time a user logs in (up to 7 different users), and stuff this wrapped passphrase in LUKS; this would allow any user who has logged into the system to resume it; each user would use their own passphrase to resume; and this would *not* break unattended boots
3) create and setup a swap file at user login, rather than at boot, hook pam to put that passphrase into LUKS; no passphrase required until login; only one user really supported, which is perhaps okay for some laptop setups; no swap space available during boot, which perhaps isn't that big of a deal
:-Dustin
Changed in ecryptfs: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
tags: | added: patch |
affects: | ubuntu → ecryptfs-utils (Ubuntu) |
Changed in ecryptfs-utils (Ubuntu): | |
status: | New → Confirmed |
Changed in ubiquity (Ubuntu): | |
status: | New → Confirmed |
Changed in ecryptfs-utils (Ubuntu): | |
importance: | Undecided → Wishlist |
Changed in ubiquity (Ubuntu): | |
importance: | Undecided → Wishlist |
Approach #1 might be less inconvenient than it first seems, since people that like to hibernate might not be doing normal boots and are therefore not inconvenienced by the extra password prompt during normal boot.
Here is a bzr patch for approach #1. It's really a new file, not a patch for the existing swap setup script. I think it's a good stop-gap measure until #2 or #3 are implemented. The patch does not affect existing flows and can be optionally run by people that care about hibernation.