A script for Ubuntu to lock the encrypted root volume on suspend.
When using dm-crypt with LUKS to set up full system encryption, the
encryption key is kept in memory when suspending the system. This drawback
defeats the purpose of encryption if you carry around your suspended laptop
a lot. One can use the cryptsetup luksSuspend
command to freeze all I/O and
flush the key from memory, but special care must be taken when applying it to
the root device.
The ubuntu-linux-suspend
script replaces the default suspend mechanism of
systemd. It extracts the initramfs to RAM and changes root to it in order to
perform the luksSuspend
, actual suspend, and luksResume
operations.
- Clone this repository:
git clone https://github.com/zhongfu/ubuntu-luks-suspend
- Install the scripts:
sudo make install
- Rebuild the initramfs:
sudo update-initramfs -u
- Reboot.
- Uninstall the scripts:
sudo make uninstall
- Rebuild the initramfs:
sudo update-initramfs -u
- Reboot.
Copyright 2013 Vianney le Clément de Saint-Marcq [email protected]
Copyright 2017 Zhongfu Li [email protected]
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 3 of the License.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with This program. If not, see http://www.gnu.org/licenses/.