-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2010-10-13 at 10:48 +0200, Stefan Seyfried wrote:
On Wed, 13 Oct 2010 10:40:57 +0200 Susan Dittmar <> wrote:
Ah, you misunderstood. There's no problem with typing the passphrase for resuming. Problem is the suspend part -- here I would prefer to just have to press *one* key (the laptop's prebuilt function key) for the laptop to shut down.
Encrypted suspend is part of uswsusp.
Please read /usr/share/doc/packages/suspend/README.encryption, set "encrypt = y" (and "threads = y" if you have a multi-core CPU) in /etc/suspend.conf, then run /usr/sbin/suspend-keygen
I did not try this for quite some time, but it worked well once upon a time.
Yes, the swap can be encrypted, and during resume the kernel messages mentions that fact. I don't know if it uses LUKS or something else. Using that method, however, during boot the system would ask for the passphrase twice or more: once for the root system (another for /home, if used), and another for swap ⁽¹⁾. On restore from hibernation, it would ask for the password only once: for the swap. The partitions are mounted, no password required. I wonder what would happen on a failed wake up, would the fsck script ask for the password, or would it fail? - - (1) I think that asking for the password several times can not be helped while booting, or developers or openSUSE maintainers would have used such a method for yast, instead of using the LVM kludge. If a method existed they would have used it. I hope! - - Another possibility would be hardware encryption, directly by the HD firmware. Search for "ATA Security Feature Set" in man hdparm. I have never used this in Linux - I know of people that used it in windows. I don't know who has to ask for the password, I think the bios: not even the MBR can be read if the lock is set. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAky1t/wACgkQtTMYHG2NR9WEjQCgjybBdB1PCPbm+sgwnyJLnrlC s8EAoIaZANQsEW9ZjnV4ycjLTr/C1QB2 =JLqX -----END PGP SIGNATURE-----