Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
I get the feeling I'm just not asking Google my question correctly... I am running a laptop with full-disk encryption, but I tend to close the lid to suspend it ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie
    Join Date
    Jul 2007
    Location
    Here. There. Anywhere.
    Posts
    157

    Require a password when waking


    I get the feeling I'm just not asking Google my question correctly...

    I am running a laptop with full-disk encryption, but I tend to close the lid to suspend it rather than shutting the machine down. Is there a way to have the encrypted system ask a password before waking from suspension?
    Alternative methods are welcome as well.

  2. #2
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    943
    I wouldn't just close the lid, better to tell the computer to Suspend so it can save the session especially if using encryption. I don't think what you want can be done. Why not just password protect your screen saver and set the option to prompt for password or resume from suspend?

  3. #3
    Linux Newbie
    Join Date
    Jul 2007
    Location
    Here. There. Anywhere.
    Posts
    157
    Quote Originally Posted by docbop View Post
    I wouldn't just close the lid, better to tell the computer to Suspend so it can save the session especially if using encryption.
    It automatically suspends when closing the lid.
    Why not just password protect your screen saver and set the option to prompt for password or resume from suspend?
    While I am far from an expert, I believe that there is a significant risk on the encryption since the session is still active.

  4. #4
    Linux Engineer
    Join Date
    Dec 2013
    Posts
    1,311
    Are you using pm-utils? Does the encryption make a difference with regards to how it works?

    Here's the pm-utils doc for arch linux anchored to the pw section:
    https://wiki.archlinux.org/index.php...ate_or_suspend

  5. #5
    Linux Newbie
    Join Date
    Jul 2007
    Location
    Here. There. Anywhere.
    Posts
    157
    Quote Originally Posted by gregm View Post
    Are you using pm-utils? Does the encryption make a difference with regards to how it works?

    Here's the pm-utils doc for arch linux anchored to the pw section:
    https://wiki.archlinux.org/index.php...ate_or_suspend
    Locking the screen does not lock the encrypted filesystem, but only prevents access [in the userland]. It's about equivalent to a locked door vs actually hiding something in a room. What I'm after would occur before the disk is mounted and any system actions take place.

  6. #6
    Linux Engineer
    Join Date
    Dec 2013
    Posts
    1,311
    I can't say if it is possible but on of the hooks provided by pm-utils is thaw. That would seem to be the time to do what you want to do - if possible: pm-utils - power management scripts for suspend and hibernate

  7. #7
    Linux Newbie
    Join Date
    Jul 2007
    Location
    Here. There. Anywhere.
    Posts
    157
    Quote Originally Posted by gregm View Post
    I can't say if it is possible but on of the hooks provided by pm-utils is thaw. That would seem to be the time to do what you want to do - if possible: pm-utils - power management scripts for suspend and hibernate
    Thanks; I'll look into this and some other things I'm finding on suspension/hibernation (I just had the realization that suspend-to-disk will require access to the disk, so perhaps using that instead of suspend-to-RAM will give me what I want).

  8. #8
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    943
    Quote Originally Posted by gregm View Post
    I can't say if it is possible but on of the hooks provided by pm-utils is thaw. That would seem to be the time to do what you want to do - if possible: pm-utils - power management scripts for suspend and hibernate
    Don't know how secure the OP is trying to make this, but with a full disk encryption the key is read from the boot partition and loaded into memory. During a hibernate/suspend memory gets written to the swap partition, so unless the swap partition is encrupted the key is sitting there and that is were crackers look. The swap partition can be encrypted but from what I'm seeing setting up hibernate with encrypted swap is tricky. That's why to me with boot/shutdown speed using an SSD and DE that save session state it's just easier/safer to just shutdown and power back up.

    Just thinking out loud....

  9. #9
    Linux Newbie
    Join Date
    Jul 2007
    Location
    Here. There. Anywhere.
    Posts
    157
    Quote Originally Posted by docbop View Post
    Don't know how secure the OP is trying to make this, but with a full disk encryption the key is read from the boot partition and loaded into memory. During a hibernate/suspend memory gets written to the swap partition, so unless the swap partition is encrupted the key is sitting there and that is were crackers look. The swap partition can be encrypted but from what I'm seeing setting up hibernate with encrypted swap is tricky. That's why to me with boot/shutdown speed using an SSD and DE that save session state it's just easier/safer to just shutdown and power back up.

    Just thinking out loud....
    Swap is encrypted [along with everything else but the UEFI partition]. I've not looked into this level of security but I'm OK with a challenge

  10. #10
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    943
    Quote Originally Posted by ryokimball View Post
    Swap is encrypted [along with everything else but the UEFI partition]. I've not looked into this level of security but I'm OK with a challenge
    Be interesting to see what you come up with. I run an encrypted hard drive, but not swap maybe later. I occasionaly will suspend, but one time it did bite me in the ass and threw a disk encption error on resume. Luckily a power down and restart everything was okay.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •