[pkg-cryptsetup-devel] Bug#774647: can't a use key file stored on an encrypted rootfs to unlock the resume device at initramfs stage
Christoph Anton Mitterer
calestyo at scientia.org
Mon Mar 27 15:29:40 BST 2023
Hey.
I rather think now that even my hack with the swapfile isn't really
save.
The idea with that was that it's just the file, but not activated as
swap of course. But who knows for sure that in this case the file is
never moved.
Anyway, @Guilhem, would you agree to close this as wontfix and add a
README.x entry that describes why - with hibernation/resume - the key
file cannot safely be loaded from a filesystem that is hibernated, too?
Not sure whether to better put it in README.initramfs (yes it happens
in that phase) or README.Debian (in principle a user could just hack
something together on his own with the same issue and not even install
cryptsetup-initramfs).
Cheers,
Chris.
More information about the pkg-cryptsetup-devel
mailing list