
Re: recovering from compromised keys



On Thu, 23 Sep 2010 at 17:31:39 +0200, Roland Mas wrote:
> Indeed.  My current setup is that sda1 is small, unencrypted and holds
> /boot only.  sda2 is the whole rest of the hard disk, and it's mapped to
> a LUKS device used as a physical volume for LVM, and there are several
> LVs on there, including those mounted as filesystems and one for swap.

That's the configuration we use too. Suspend-to-disk works fine; you're
prompted for a passphrase by the initramfs, which then decrypts and sets up
the LVM blob, and resumes from there.

Suspend-to-RAM also works, but is obviously not secure against attackers
waking up the laptop and exploiting some bug in a locked screensaver, or
remote access, or whatever.

     S

