unswappable pages are swapped out during hibernation

Agreed. As far as I've been able to see, fixing this requires some closer integration of cryptsetup, by-default encrypted swap, and initramfs changes.

On Tue, 2006-11-21 at 01:26 +0000, Kees Cook wrote:
> Agreed. As far as I've been able to see, fixing this requires some
> closer integration of cryptsetup, by-default encrypted swap, and
> initramfs changes.

Interesting approach :). We'll still want something to avoid disclosure
on non-encrypted swap though right ? (because of the bazjillion existing
installs).

Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Is this still an issue on Gutsy?

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!.

 status new

Take a look at https://bugs.launchpad.net/ubuntu/+bug/196368 , the hdd encryption passwords indeed are cleartext in memory.

Robert, is this still a problem in the current release? I noticed you've reopened the bug report but still failed to provide any information as to why or a demonstration of the problem.

On Fri, 2008-06-06 at 17:47 +0000, Patrick Kilgore wrote:
> Robert, is this still a problem in the current release? I noticed you've
> reopened the bug report but still failed to provide any information as
> to why or a demonstration of the problem.

Because the information is already there - the issue is documented, etc.

-Rob

--
GPG key available at: <http://www.robertcollins.net/keys.txt>.

The Ubuntu Kernel Team is planning to move to the 2.6.27 kernel for the upcoming Intrepid Ibex 8.10 release. As a result, the kernel team would appreciate it if you could please test this newer 2.6.27 Ubuntu kernel. There are one of two ways you should be able to test:

1) If you are comfortable installing packages on your own, the linux-image-2.6.27-* package is currently available for you to install and test.

--or--

2) The upcoming Alpha5 for Intrepid Ibex 8.10 will contain this newer 2.6.27 Ubuntu kernel. Alpha5 is set to be released Thursday Sept 4. Please watch http://www.ubuntu.com/testing for Alpha5 to be announced. You should then be able to test via a LiveCD.

Please let us know immediately if this newer 2.6.27 kernel resolves the bug reported here or if the issue remains. More importantly, please open a new bug report for each new bug/regression introduced by the 2.6.27 kernel and tag the bug report with 'linux-2.6.27'. Also, please specifically note if the issue does or does not appear in the 2.6.26 kernel. Thanks again, we really appreicate your help and feedback.

Kees,

wouldn't activating swap encryption by default render hibernation impossible in the first case?

Felipe, there are two ways to do encrypted swap: with a random key, and with a LUKs-protected passphrase (or a raw passphrase). When not random, the swap can be decrypted and un-hibernated from.

This isn't a bug in the kernel. If you are going to use hibernation, everything has to be written to swap. If you want to protect that, then encrypt your swap.