EncryptedSwapWithHibernationSupport

Summary

Currently home encryption turns on swap encryption. However, since a random boot password is used, it is not possible to resume from hibernation. Normal boot should not require any user input. Resume from hibernation should require any recently logged-in user to type in their password.

Release Note

After turning on encrypted swap with hibernation support, the user will have to enter their login password to resume from hibernation.

Rationale

Hibernation should work.

User stories

Jane chooses an encrypted home directory as an install option. After the computer is installed, Jane logs in, then hibernates the computer. Jane resumes the computer at a later time, and enters her own login password when prompted by the resume process.

Jane changes her password. When she hibernates/resumes she enters the new password, not her original.

Jane reboots the computer. No input is required for booting.

Assumptions

Only one swap device is configured.

Design

On install, swap is set up with LUKS encryption. The swap device is /dev/mapper/cryptswap1.

On boot:

  • If only slot 0 is set up in LUKS, the swap device is reformatted with a new random password in slot 0. The random password is stored in /lib/init/rw/.swap/password.
  • If any slot other than 0 is set up in LUKS, the user is prompted for their password to unlock the swap device, then resume is attempted.
  • If the user does not remember their password, they should be able to bypass the password prompt. In this case the LUKS swap device is reformatted with a random password, which is stored as in the first case.

On shutdown:

  • Slots 1-7 are cleared

On local login:

  • A slot is chosen for this user, cached in /lib/init/rw/.swap/usermap
  • The login password is applied to the chosen slot
  • If all slots are full, an LRU (least recently used) policy applies

On change password:

  • If the user is in /lib/init/rw/.swap/usermap, apply the new password to the chosen slot
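
The slot policy described above, modelled as an added example (not code from this specification or from Ubuntu). The in-memory map stands in for /lib/init/rw/.swap/usermap, whose on-disk format the spec does not define; the class, function and return-value names are hypothetical, and the actual LUKS key operations are left to the caller.

```python
from collections import OrderedDict

USER_SLOTS = range(1, 8)  # LUKS slots 1-7; slot 0 holds the random boot key


class SwapSlotMap:
    """Model of the usermap: user -> LUKS key slot, kept in LRU order."""

    def __init__(self):
        self.usermap = OrderedDict()  # least recently logged-in user first

    def on_login(self, user):
        """Return (slot, evicted_user); the caller then sets the slot's key."""
        if user in self.usermap:
            self.usermap.move_to_end(user)  # refresh recency, keep the slot
            return self.usermap[user], None
        used = set(self.usermap.values())
        free = [s for s in USER_SLOTS if s not in used]
        evicted = None
        if free:
            slot = free[0]
        else:
            # All seven user slots are taken: reuse the least recently used.
            evicted, slot = self.usermap.popitem(last=False)
        self.usermap[user] = slot
        return slot, evicted

    def on_password_change(self, user):
        """Slot to re-key, or None if the user holds no slot."""
        return self.usermap.get(user)

    def on_shutdown(self):
        """Slots to wipe so that the next boot sees only slot 0."""
        self.usermap.clear()
        return list(USER_SLOTS)


def boot_action(active_slots):
    """Choose the boot path from the set of populated LUKS slots."""
    if set(active_slots) - {0}:
        return "prompt-and-resume"   # a user key exists: ask for a password
    return "reformat-random-key"     # only slot 0: new random key, no prompt
```

An evicted user's old password stops unlocking the swap device as soon as the slot is re-keyed, which is the behaviour listed under Unresolved issues.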

Implementation

UI Changes

Change initramfs config to handle asking user for swap password when needed.

Code Changes

New pam module to handle local login and password change.

Migration

Write a script to migrate to this setup from:

  • non-encrypted swap
  • swap encrypted with a random key (non-LUKS)

Test/Demo Plan


Unresolved issues

  • Only the last 7 local users are able to resume from hibernation.

BoF agenda and discussion




EncryptedSwapWithHibernationSupport (last edited 2009-09-18 23:58:13 by niftybox)