[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: recovering from compromised keys

On Thu, 23 Sep 2010 at 17:31:39 +0200, Roland Mas wrote:
> Indeed.  My current setup is that sda1 is small, unencrypted and holds
> /boot only.  sda2 is the whole rest of the hard disk, and it's mapped to
> a LUKS device used as a physical volume for LVM, and there are several
> LVs on there, including those mounted as filesystems and one for swap.

That's the configuration we use too. Suspend-to-disk works fine; you're
prompted for a passphrase by the initramfs, which then decrypts and sets up
the LVM blob, and resumes from there.

Suspend-to-RAM also works, but is obviously not secure against attackers
waking up the laptop and exploiting some bug in a locked screensaver, or
remote access, or whatever.


Reply to: