EncryptedSwapWithHibernationSupport

Revision 3 as of 2009-09-17 00:29:31


Summary

Currently, enabling home directory encryption also turns on swap encryption. However, since the swap key is a random password generated at each boot, it is not possible to resume from hibernation. Normal boot should not require any user input. Resume from hibernation should require any recently logged-in user to type in their password.

Release Note

This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.)

It is mandatory.

Rationale

Hibernation should work.

User stories

Jane chooses encrypted home directory as an install option. After the computer is installed, Jane logs in, then hibernates the computer. Jane resumes the computer at a later time, and enters her own login password when prompted by the resume process.

Jane changes her password. When she hibernates/resumes she enters the new password, not her original.

Jane reboots the computer. No input is required for booting.

Assumptions

Only one swap device is configured.

Design

On install, swap is set up with LUKS encryption. The swap device is /dev/mapper/cryptswap1.

On boot:

  • if only slot 0 is set up in LUKS, then the swap device is reformatted with a new random password in slot 0. The random password is stored in /lib/init/rw/.swap/password (it is needed later, because adding a user's password to another slot requires an existing key).
  • if any slot other than 0 is set up in LUKS, the user is prompted for their password for unlocking the swap device, then resume is attempted.

On shutdown:

  • Slots 1-7 are cleared

On local login:

  • A slot is chosen for this user, cached in /lib/init/rw/.swap/usermap
  • The login password is applied to the chosen slot
  • If all slots are full, an LRU policy applies

On change password:

  • If the user is in /lib/init/rw/.swap/usermap, apply the new password to the chosen slot
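The boot-time slot check and the login-time slot assignment described above, as an added shell example (not code from the spec or from Ubuntu). The paths are the spec's; the usermap layout ("user slot" per line, least recently used first) and the luksDump parsing are assumptions, and the cryptsetup calls that would act on the result are left out.

```shell
#!/bin/sh
# Added example: boot decision from LUKS key-slot state, and login-time
# slot choice with LRU eviction. USERMAP path is from the spec; the file
# layout ("user slot" per line, oldest first) is an assumption.
USERMAP=${USERMAP:-/lib/init/rw/.swap/usermap}

# Print the enabled key slots from `cryptsetup luksDump` output on stdin.
# LUKS1 headers list one "Key Slot N: ENABLED|DISABLED" line per slot.
enabled_slots() {
    sed -n 's/^Key Slot \([0-7]\): ENABLED$/\1/p' | tr '\n' ' '
}

# Only slot 0 enabled means slots 1-7 were cleared by a normal shutdown,
# so a fresh random key can be used. Any other enabled slot means a user
# may have hibernated: prompt for that password and attempt a resume.
boot_action() {
    case "$(enabled_slots)" in
        "0 ") echo reformat ;;
        *)    echo resume ;;
    esac
}

# Pick a key slot (1-7) for user $1 and record it in $USERMAP. A user
# already in the map keeps its slot and becomes most recently used; a new
# user takes the lowest free slot, or evicts the least recently used entry.
choose_slot() {
    user=$1
    touch "$USERMAP"
    slot=$(awk -v u="$user" '$1 == u { print $2 }' "$USERMAP")
    if [ -z "$slot" ]; then
        for s in 1 2 3 4 5 6 7; do
            grep -q " $s\$" "$USERMAP" || { slot=$s; break; }
        done
        # every slot is taken: reuse the slot of the first (oldest) line
        [ -n "$slot" ] || slot=$(head -n 1 "$USERMAP" | cut -d' ' -f2)
    fi
    # drop the old line for this user or this slot, then append as newest
    awk -v u="$user" -v s="$slot" '$1 != u && $2 != s' "$USERMAP" > "$USERMAP.tmp"
    echo "$user $slot" >> "$USERMAP.tmp"
    mv "$USERMAP.tmp" "$USERMAP"
    echo "$slot"
}
```

Once eight distinct users have logged in, the usermap holds seven entries and the oldest user's slot has been handed to the newest, which is the "last 7 local users" limit noted under Unresolved issues.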

Implementation

UI Changes

Change the initramfs config to ask the user for the swap password when needed.

Code Changes

New PAM module to handle local login and password change.

Migration

Write a script to migrate to this setup from:

  • non-encrypted swap
  • swap encrypted with a random key (non-LUKS)

Test/Demo Plan

It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.

This need not be added or completed until the specification is nearing beta.

Unresolved issues

  • Only the last 7 local users are able to resume from hibernation.

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.


CategorySpec