Linux S3 sleep support and two more useful additions #3
base: master
This is to allow proper '-h' (no password hashing) usage, where the user might have saved the hash itself, or used a different hashing mechanism altogether, and ends up with 0 bytes or control characters in the resulting string.
Useful for users who want to use different utilities with their SED drives, and also in combination with "-x -n", meaning "no hash", "hex", so no plaintext passwords are saved to scripts or shell history.
The new command is --prepareForS3Sleep, and it should be called every new boot, as it stores the drive key (password hash) in kernel memory.
Untested, but it seems odd to use 0 when it's passed in from the command line.
- add define to disable S3 sleep support in pba build
I have no problems with a few commits adding hash manipulation, but I can't say anything about the Linux S3 part. On FreeBSD the kernel has no idea about OPAL and I am not happy to add there some reduced version of this tool, if that is the way to use the password on S3 resume. I am also not sure that automatic unlock on resume is good from a protection point of view. Though likely I just don't know how it is supposed to be used.
I recently bought a Thinkpad T14 AMD and have Ubuntu 20.10 on it. The S3 sleep support works well. Of course the best solution would be to ask for the passphrase on each resume from suspend - this way a system in S3 sleep is unprotected but from the notebook user's point of view it is much better than not having suspend ...
I just don't feel like I am in a position to decide how it should work on Linux. If that is decided to be the way -- I am OK with that. Just thinking about some laptop that is never powered off but always in S3, I am not sure what is the real point of SED there, if anybody could resume the system, make it unlock the drive(s) and then reboot to some other OS from USB stick for data extraction.
This adds the three commits from https://github.com/fabiogermann/sedutil:
See comments in the commit messages.
Would it be difficult to develop inserting the hash when waking up on FreeBSD or do we have another mechanism for this?