EncryptedSwapWithHibernationSupport
Launchpad Entry: encrypted-swap-with-hibernation-support
Created: 2009-09-16
Contributors: MironCuperman, DustinKirkland
Packages affected: ecryptfs-utils, ubiquity
Summary
Currently home encryption turns on swap encryption. However, since a random boot password is used, it is not possible to resume from hibernation. Normal boot should not require any user input. Resume from hibernation should require any recently logged-in user to type in their password.
Release Note
This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.)
It is mandatory.
Rationale
Hibernation should work.
User stories
Jane chooses encrypted home directory as an install option. After the computer is installed, Jane logs in, then hibernates the computer. Jane resumes the computer at a later time, and enters her own login password when prompted by the resume process.
Jane changes her password. When she hibernates/resumes she enters the new password, not her original.
Jane reboots the computer. No input is required for booting.
Assumptions
Only one swap device is configured.
Design
On install, swap is set up with LUKS encryption. The swap device is /dev/mapper/cryptswap1.
On boot:
- if only slot 0 is set up in LUKS, then the swap device is reformatted with a new random password in slot 0. The random password is stored in /lib/init/rw/.swap/password.
- if any slot other than 0 is set up in LUKS, the user is prompted for their password for unlocking the swap device, then resume is attempted.
On shutdown:
- Slots 1-7 are cleared
On local login:
- A slot is chosen for this user, cached in /lib/init/rw/.swap/usermap
- The login password is applied to the chosen slot
- If all the slots are full, LRU policy applies
On change password:
- If the user is in /lib/init/rw/.swap/usermap, apply the new password to the chosen slot
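The slot bookkeeping described in this Design section, modelled in C as an added example (not code from ecryptfs-utils or from this spec). The usermap layout, the function names and the logical clock used for LRU are assumptions, and no LUKS operations are performed.

```c
#include <stdio.h>
#include <string.h>
#define NSLOTS 8    /* LUKS key slots 0-7; slot 0 keeps the random boot key */
#define NAMELEN 32  /* user names assumed non-empty and shorter than this */

/* Assumed in-memory form of /lib/init/rw/.swap/usermap (format not given on the page). */
struct usermap {
    char user[NSLOTS][NAMELEN];  /* "" = free slot; index 0 is never assigned */
    unsigned long used[NSLOTS];  /* logical time of the user's last login */
    unsigned long clock;
};
enum boot_action { REFORMAT_WITH_RANDOM_KEY, PROMPT_AND_RESUME };

/* On boot: a slot other than 0 being enabled triggers the prompt and resume attempt. */
enum boot_action on_boot(unsigned enabled_slots)
{
    return (enabled_slots & ~1u) ? PROMPT_AND_RESUME : REFORMAT_WITH_RANDOM_KEY;
}

/* On local login: reuse the user's slot, else a free one, else evict the LRU user. */
int slot_for_login(struct usermap *m, const char *user)
{
    int hit = 0, empty = 0, lru = 1;
    for (int s = 1; s < NSLOTS; s++) {
        if (strcmp(m->user[s], user) == 0) hit = s;
        else if (m->user[s][0] == '\0') { if (!empty) empty = s; }
        else if (m->used[s] < m->used[lru]) lru = s;
    }
    int pick = hit ? hit : (empty ? empty : lru);
    snprintf(m->user[pick], NAMELEN, "%s", user);
    m->used[pick] = ++m->clock;
    return pick;  /* the login password would be applied to this LUKS slot */
}

/* On password change: only a user already in the map has a slot to update. */
int slot_for_password_change(const struct usermap *m, const char *user)
{
    for (int s = 1; s < NSLOTS; s++)
        if (strcmp(m->user[s], user) == 0) return s;
    return -1;
}

/* On shutdown: slots 1-7 are cleared; the model resets the map to match. */
void on_shutdown(struct usermap *m) { memset(m, 0, sizeof *m); }

int main(void)
{
    struct usermap m = {0};
    printf("first login gets slot %d\n", slot_for_login(&m, "jane"));
}
```

An eighth distinct user takes over the slot of whoever logged in least recently, and a password change for an evicted user returns -1, which is the case listed under Unresolved issues.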
Implementation
UI Changes
Change initramfs config to handle asking user for swap password when needed
Code Changes
New pam module to handle local login and password change.
Migration
Write script to migrate to this setup from:
- non-encrypted swap
- swap encrypted with random key (non-luks)
Test/Demo Plan
It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.
This need not be added or completed until the specification is nearing beta.
Unresolved issues
- Only last 7 local users are able to resume from hibernation.
BoF agenda and discussion
Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.