Heck, I'd be OK with it requiring me to enter a passphrase on resume. I'd even be OK with linux having a tunable to hand my root LUKS passphrase to this facility, to keep it easy. Just about everything this runs on should have AES-NI and the on-disk format should be verifyable. This would be a great extension to the service from Intel.
I actually got as far as setting up the partition's GUID before the implications occurred to me. It would be nice, but for now hibernate is my only safe option.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Threat to dm-crypt
Date: 2013-07-16 04:36 am (UTC)I actually got as far as setting up the partition's GUID before the implications occurred to me. It would be nice, but for now hibernate is my only safe option.