I use geli to encrypt partition on my laptop for a very long time.
The only problem is when I need to suspend the laptop (yes, suspend works almost like a charm on my t43) – I need to detach my encrypted partition then. It would be more or less safe for me to leave it attached, as I lock my console with ‘vlock -a’ command, so the only thing a thief can do is to turn off the laptop, thus remove keys from the memory. Although leaving attached partition with all the keys in memory doesn’t seem right…
BTW. ‘vlock -a’ is really nice, because when everything is locked, it will reset the system when one tries to enter DDB. Not sure if that is intended behaviour, but very useful.
Detaching encrypted partition is a bit PITA, as I keep a lot of stuff in there, so before I can unmount the file system and detach it, I need to go through all my x-terms and cd out of directories from encrypted file system, I need to close all encrypted files, etc.
I decided to implement suspend and resume subcommand for geli(8). Before I suspend my laptop I execute ‘geli suspend’. This command tells GELI GEOM class in the kernel to remove all sensitive informations, and delay all further I/O request until ‘geli resume’ (or ‘geli detach’) command is called. This way I don’t need to unmount file system sitting on top of the encrypted partition. When I execute ‘geli resume’ command after resume, I provide my password just like for ‘geli attach’ command, which allows GEOM class to recreate all the keys in the kernel and start the I/O traffic again.
The tricky part is not to suspend a provider which ‘geli resume’ needs to access, because you will simply deadlock your system. For example it most likely won’t work for fully encrypted disk. One way to fix this is to join functionality of suspend and resume geli subcommands, ie. ‘geli suspend’ will automatically ask for the passphrase (without the need of reading or executing anything), which can be given after resuming the laptop. I haven’t decided what to do about that yet, the code is in my perforce tree for now and will probably be committed after the RELENG_7 is branched.
[...] Im Blog Theater wrote an interesting post today onHere’s a quick excerpt … hief can do is to turn off the laptop, thus remove keys from the memory…. … which can be given after resuming the laptop….I use geli to encrypt partition on my laptop for a very long time…. [...]
Very Nice!
-aW
[...] Read the rest of this great post here [...]
Remove And Block Spyware And Malware From Your Computer
If you get several random pop ups, and your computer is running unusually slow you are probably infected with spyware. Check out this great site to learn how to detect, remove and block spyware and malware from your computer! It is complete with step…
$anchor$basketball Betting,final Four,final Four Betting,final Four Gambling,final Four Sports Book,final Four Sportsbook,march Madness,march Madness Betting,march Madness Gambling,march Madness Sports Book,march Madness Sportsbook,ncaa,ncaa Betting,…
$anchor$basketball Betting,final Four,final Four Betting,final Four Gambling,final Four Sports Book,final Four Sportsbook,march Madness,march Madness Betting,march Madness Gambling,march Madness Sports Book,march Madness Sportsbook,ncaa,ncaa Betting,nc…
Fullertonsportsarea3137$anchor$basketball Betting,final Four,final Four Betting,final Four Gambling,final Four Sports Book,final Four Sportsbook,march Madness,march Madness Betting,march Madness Gambling,march Madness Sports Book,march Madness Sports…
Fullertonsportsarea3137$anchor$basketball Betting,final Four,final Four Betting,final Four Gambling,final Four Sports Book,final Four Sportsbook,march Madness,march Madness Betting,march Madness Gambling,march Madness Sports Book,march Madness Sportsbo…
HQ0mud U from Russia?
Hey nice site you have. Anyways I just thought I?d chat about some new chess software I found lately. Its called Chess Analysis Pro 7000. its really neat. tryed and tested it cool.
cool site for my mind its very goodPlease, send your abuse here!!! send.your.abuse.here@gmail.com
The tournament is looking great so far. I have 3 out of 4 of my Final Four picks still in it. I’m hoping I can win my office pool.
cool site for my mind its very goodPlease, send your abuse here!!! send.your.abuse.here@gmail.com
cool site for my mind its very goodPlease, send your abuse here!!! send.your.abuse.here@gmail.com
cool site for my mind its very goodPlease, send your abuse here!!! send.your.abuse.here@gmail.com
cool site for my mind its very goodPlease, send your abuse here!!! send.your.abuse.here@gmail.com
It is one of things I can never understand … how people can think that way. It’s so illogical that it can only be based upon moronity.
Sir, yes sir! I’m agreeing with you, but I don’t think everybody do. You should not be so rude, it frightens of.
? ??? ????, ???? ?? ?????
scgabhtt
scgabhtt
Hey! nice blog GELI suspend/resume with Betting
Interesting encrypt
[...] Schwagging ScheduleMy Dog Lacey ? Blog Archive ? Advantage for Fleas …….. and Ticks? My work ? Blog Archive ? GELI suspend/resume Tags horse racing bet sport bet horse race bet system football bet betting strategy bet on [...]
nice blog, i am sure i will back here often