Bugzilla – Bug 399298
encrypt swap partitions by default on every boot using a random key
Last modified: 2009-03-19 09:58:55 UTC
I think for security reasons, swap partitions should be encrypted by default in a way where a RANDOM encryption key is generated on EVERY boot, so users are not required to enter the key on every boot. As the swap partition is also used for hibernation/suspend-to-ram this would raise the problem of not being able to decrypt the hibernation data on the next boot. Therefore I would suggest automatically creating a dedicated, encrypted hibernation file before hibernating and writing the RAM content into this file instead of writing into the swap partition. The key for this encrypted hibernation file should be derived from a password the user is requested to enter immediately after initiating the hibernation process (or by using a fingerprint reader if available for more convenience, but less security). Though, an open question would be a solution for the case when the user is not present to enter a password or swipe his finger because hibernation is done automatically (after an idle timeout or because of low battery).
(For hibernation, we can actually use RSA so that passphrase is only entered during resume. Stock s2disk should actually support that.)
Yes, I had this idea, too. We could use a hybrid encryption solution here. On hibernation, generate a random key and encrypt the hibernation file using a symmetrical cipher (e.g. twofish256) and encrypt that autogenerated symmetrical key using an asymmetric cipher (e.g. El-Gamal or RSA). This way, the user does not need to be present when the system hibernates. He only needs to enter the passphrase for his asymmetric private key to decrypt the autogenerated symmetric key which was used to encrypt the hibernation file.
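The hybrid scheme sketched in the comment above, scripted with openssl as an added example (this is not code from the bug thread, from s2disk or from any distribution): a random session key encrypts the image, the public key wraps the session key at hibernation time, and the private-key passphrase is only needed at resume. AES-256-CBC stands in for twofish256, and every file name and the passphrase are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug thread or s2disk: hybrid encryption of a
# hibernation image. A fresh random symmetric key protects the image; the
# key itself is wrapped with an RSA public key, so no user needs to be present
# at hibernation time and the passphrase is only asked for at resume.
# AES-256-CBC stands in for twofish256; all paths/names are assumptions.
set -eu
WORK=$(mktemp -d)

# One-time setup: passphrase-protected RSA private key plus its public half.
gen_keys() {  # $1 = passphrase
  openssl genrsa -aes256 -passout pass:"$1" -out "$WORK/priv.pem" 2048 2>/dev/null
  openssl rsa -in "$WORK/priv.pem" -passin pass:"$1" -pubout \
    -out "$WORK/pub.pem" 2>/dev/null
}

# Hibernation: needs only the public key, never the passphrase.
hibernate() {  # $1 = raw image to protect
  openssl rand -hex 32 > "$WORK/session.key"       # random 256-bit key (hex)
  openssl rand -hex 16 > "$WORK/image.iv"          # IV may be stored in clear
  openssl enc -aes-256-cbc -K "$(cat "$WORK/session.key")" \
    -iv "$(cat "$WORK/image.iv")" -in "$1" -out "$WORK/image.enc"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/session.key" -out "$WORK/session.key.rsa"
  rm -f "$WORK/session.key"                        # plaintext key must not persist
}

# Resume: passphrase unlocks the private key, which unwraps the session key.
resume() {  # $1 = passphrase, $2 = output file
  openssl pkeyutl -decrypt -inkey "$WORK/priv.pem" -passin pass:"$1" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/session.key.rsa" -out "$WORK/session.key"
  openssl enc -d -aes-256-cbc -K "$(cat "$WORK/session.key")" \
    -iv "$(cat "$WORK/image.iv")" -in "$WORK/image.enc" -out "$2"
  rm -f "$WORK/session.key"
}

# Round trip on constructed sample data; exit status 0 means the image
# survived hibernate/resume and the wrapped key could be opened.
demo() {
  gen_keys "correct horse battery staple"
  printf 'constructed RAM image contents\n' > "$WORK/image.raw"
  hibernate "$WORK/image.raw"
  resume "correct horse battery staple" "$WORK/image.out"
  cmp -s "$WORK/image.raw" "$WORK/image.out"
}

demo && echo "hibernation image round trip OK"
```

The unattended case from the first comment is covered because hibernate() touches only the public key; the wrapped key file and the IV are the only things that need to survive next to the encrypted image.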
this is not going to happen by default. However, with the method described here: http://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/ swap is automatically encrypted also.