Use luksSuspend/luksResume in hibernation scripts
The latest trunk version of cryptsetup introduces support for luksSuspend/
Excerpt from manpage:
suspends active device (all IO operations are frozen) and wipes encryption key from kernel. Kernel version 2.6.19 or later is required.
After that operation you have to use \fIluksResume\fR to reinstate encryption key (and resume device) or \fIluksClose\fR to remove mapped device.
WARNING: never try to suspend device where is the cryptsetup binary itself.
Resumes suspended device and reinstates encryption key. You will need provide passphrase identical to luksOpen command (using prompting or key file).
This feature provides a way to implement secure hibernation without having to use an encrypted swap partition. It should be used in ubuntu's hibernation scripts as soon as a new stable version of cryptsetup is released.
|affects:||ubuntu → cryptsetup (Ubuntu)|
|Changed in cryptsetup (Ubuntu):|
|status:||New → Confirmed|