SecureSuspendToRam: Difference between revisions

Currently in Gnu/Linux it is not possible to securely suspend a computer (such as a laptop) to RAM. When we say that suspend is not secure, we mean that it is possibly to read out meaningful data in various ways. This readout of memory may happen after the suspend state has been initiated or upon un-suspending. The canonical example of this type of attack is the Cold Boot Attack.

It is currently possible to suspend to disk in a secure manner. Generally this is accomplished by writing out the hibernate image into an encrypted partition or by prompting for a passphrase. Without the ability to unlock the disk or unencrypt the file, it is not possible to resume the machine.

We believe that it is possible to bring about similar protection with increased functionality with an encrypted suspend to RAM implementation.

Generally, we'd like to have the entire kernel (and thus not need to know which parts have say, key bits) possibly excepting the ACPI code, encrypted by the suspend process. Additionally, we'd like it to have similar security properties as the suspend to disk methods currently in use (generally with LUKS).