This question is related to another one by @Stefan, but it is not a duplicate of it. The questions are slightly different: the author simply wanted to know if this had been implemented, while I'm asking for help specifically on how to do this (in a particular way). Additionally, the other question got no useful answers for implementers, except a recent one that merely linked to my attempt at this.
Having explained the "duplicate" issue…
I'm on Ubuntu 14.04 using full disk encryption (LVM on top of LUKS) and I would like to incorporate luksSuspend into the suspend procedure (and later use luksResume) so that I can suspend to RAM without leaving key material on memory and the root unlocked.
I've tried to port a script for Arch Linux, so far without success: I honestly have no idea of what I'm doing…
Can anyone help me port this (or create something like this from scratch)? Or, at least, can anyone point me to documentation about how to hook stuff into the suspend procedures and how to keep the necessary binaries and scripts (such as cryptsetup) available even after all IO to root has been blocked (by luksSuspend)?
Concerning how to keep the necessary binaries and scripts available for resume, this other blog post (also for Arch) copied them to /boot; I would like however to use something more in the lines what Vianney used in the script I mentioned before, because that approach appears to be a bit more elegant in this aspect.
I haven't reached much, but my development can be found on GitHub.
Best Answer
Sorry to state the obvious, but have you tried adding a script containing the cryptsetup luksSuspend/luksResume commands to the
/usr/lib/pm-utils/sleep.d? If so what happened?It would seem logical to me, to call stop/start the cryptdisks and cryptdisks_early services on hibernate/resume too. Would calling cryptdisks_stop and cryptdisks_start within a script in
pm-utils/sleep.ddo the trick? I assume this would have the same result as callingcryptsetup luksSuspenddirectly.