GELI suspend/resume
I use geli to encrypt partition on my laptop for a very long time.
The only problem is when I need to suspend the laptop (yes, suspend works almost like a charm on my t43) - I need to detach  my encrypted partition then. It would be more or less safe for me to leave it attached, as I lock my console with ’vlock -a’ command, so the only thing a thief can do is to turn off the laptop, thus remove keys from the memory. Although leaving attached partition with all the keys in memory doesn’t seem right…
BTW. ‘vlock -a’ is really nice, because when everything is locked, it will reset the system when one tries to enter DDB. Not sure if that is intended behaviour, but very useful.
Detaching encrypted partition is a bit PITA, as I keep a lot of stuff in there, so before I can unmount the file system and detach it, I need to go through all my x-terms and cd out of directories from encrypted file system, I need to close all encrypted files, etc.
I decided to implement suspend and resume subcommand for geli(8). Before I suspend my laptop I execute ‘geli suspend’. This command tells GELI GEOM class in the kernel to remove all sensitive informations, and delay all further I/O request until ‘geli resume’ (or ‘geli detach’) command is called. This way I don’t need to unmount file system sitting on top of the encrypted partition. When I execute ‘geli resume’ command after resume, I provide my password just like for ‘geli attach’ command, which allows GEOM class to recreate all the keys in the kernel and start the I/O traffic again.
The tricky part is not to suspend a provider which ’geli resume’ needs to access, because you will simply deadlock your system. For example it most likely won’t work for fully encrypted disk. One way to fix this is to join functionality of suspend and resume geli subcommands, ie. ‘geli suspend’ will automatically ask for the passphrase (without the need of reading or executing anything), which can be given after resuming the laptop. I haven’t decided what to do about that yet, the code is in my perforce tree for now and will probably be committed after the RELENG_7 is branched.
September 28th, 2007 at 7:31 pm
[...] Im Blog Theater wrote an interesting post today onHere’s a quick excerpt … hief can do is to turn off the laptop, thus remove keys from the memory…. … which can be given after resuming the laptop….I use geli to encrypt partition on my laptop for a very long time…. [...]
October 3rd, 2007 at 10:20 am
Very Nice!
-aW
October 15th, 2007 at 4:22 pm
[...] Read the rest of this great post here [...]
February 8th, 2008 at 4:12 pm
Remove And Block Spyware And Malware From Your Computer
If you get several random pop ups, and your computer is running unusually slow you are probably infected with spyware. Check out this great site to learn how to detect, remove and block spyware and malware from your computer! It is complete with step…
March 13th, 2008 at 1:46 pm
$anchor$basketball Betting,final Four,final Four Betting,final Four Gambling,final Four Sports Book,final Four Sportsbook,march Madness,march Madness Betting,march Madness Gambling,march Madness Sports Book,march Madness Sportsbook,ncaa,ncaa Betting,...
$anchor$basketball Betting,final Four,final Four Betting,final Four Gambling,final Four Sports Book,final Four Sportsbook,march Madness,march Madness Betting,march Madness Gambling,march Madness Sports Book,march Madness Sportsbook,ncaa,ncaa Betting,nc…
March 15th, 2008 at 10:06 am
Fullertonsportsarea3137$anchor$basketball Betting,final Four,final Four Betting,final Four Gambling,final Four Sports Book,final Four Sportsbook,march Madness,march Madness Betting,march Madness Gambling,march Madness Sports Book,march Madness Sports…
Fullertonsportsarea3137$anchor$basketball Betting,final Four,final Four Betting,final Four Gambling,final Four Sports Book,final Four Sportsbook,march Madness,march Madness Betting,march Madness Gambling,march Madness Sports Book,march Madness Sportsbo…
March 15th, 2008 at 3:18 pm
HQ0mud U from Russia?
March 29th, 2008 at 9:41 pm
Hey nice site you have. Anyways I just thought I?d chat about some new chess software I found lately. Its called Chess Analysis Pro 7000. its really neat. tryed and tested it cool.
April 2nd, 2008 at 7:25 pm
cool site for my mind its very goodPlease, send your abuse here
send.your.abuse.here@gmail.com
April 2nd, 2008 at 8:58 pm
The tournament is looking great so far. I have 3 out of 4 of my Final Four picks still in it. I’m hoping I can win my office pool.
April 3rd, 2008 at 12:14 pm
cool site for my mind its very goodPlease, send your abuse here
send.your.abuse.here@gmail.com
April 5th, 2008 at 11:00 am
cool site for my mind its very goodPlease, send your abuse here
send.your.abuse.here@gmail.com
April 5th, 2008 at 11:33 pm
cool site for my mind its very goodPlease, send your abuse here
send.your.abuse.here@gmail.com
April 6th, 2008 at 8:49 am
cool site for my mind its very goodPlease, send your abuse here
send.your.abuse.here@gmail.com
April 6th, 2008 at 6:49 pm
It is one of things I can never understand … how people can think that way. It’s so illogical that it can only be based upon moronity.
April 9th, 2008 at 12:44 pm
Sir, yes sir! I’m agreeing with you, but I don’t think everybody do. You should not be so rude, it frightens of.
April 18th, 2008 at 8:49 am
? ??? ????, ???? ?? ?????
April 26th, 2008 at 10:04 am
scgabhtt
scgabhtt
May 1st, 2008 at 2:35 pm
Hey! nice blog GELI suspend/resume with Betting
May 10th, 2008 at 3:52 pm
Interesting encrypt
June 27th, 2008 at 8:30 am
[...] Schwagging ScheduleMy Dog Lacey ? Blog Archive ? Advantage for Fleas …….. and Ticks? My work ? Blog Archive ? GELI suspend/resume Tags horse racing bet sport bet horse race bet system football bet betting strategy bet on [...]
June 27th, 2008 at 7:17 pm
nice blog, i am sure i will back here often