Close lid to encrypt: Hard disk encryption in Linux suspend mode
by Tim Dittler
At: FOSDEM 2020
https://video.fosdem.org/2020/UA2.220/dip_close_lid_encrypt.webm
Today, hard disk encryption only protects users' data when their machine is shut down.
"Close lid to encrypt" aims to extend this protection to suspend mode.
Hard disk encryption is a necessity for everyone who fears the physical theft or seizure of their device. However, your data is still only protected while the machine is shut down, and most people rarely shut down their devices anymore. Usually, you just close the lid of your notebook and you're on your way.
"Close lid to encrypt" aims to improve the privacy of your data. When you close the lid of your notebook, it goes into sleep/suspend mode. All processes are frozen and no longer need to access your hard disk. We use this opportunity to wipe the keys of your encrypted devices and suspend the devices as well. The data on your hard drive is therefore protected.
When resuming your computer, you must re-enter the password of your encrypted volumes. After that, you are right back where you left off.
To make all this work, we rely on a small kernel patch, the cryptsetup project, initramfs and cgroups2. "Close lid to encrypt" currently focuses on Debian and its derivatives, and we plan to bring all code upstream. This effort is funded by the German Prototype Fund.
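A way to check that every encrypted mapping really had its key wiped before the machine sleeps, as an added example that is not code from the talk or the project. It parses the output of `dmsetup info` and lists dm-crypt mappings that are not in the SUSPENDED state, which is the state `cryptsetup luksSuspend` leaves a mapping in after wiping its key from kernel memory. That the project drives suspension through `luksSuspend` is an assumption, and the device names and UUIDs in the sample are constructed.

```shell
#!/bin/sh
# Added example: find dm-crypt mappings that still hold a volume key.
# On a live system (as root): dmsetup info | unsuspended_crypt_devices

# Reads `dmsetup info` output on stdin. Prints the name of every dm-crypt
# mapping (UUID begins with CRYPT-) whose State is not SUSPENDED.
unsuspended_crypt_devices() {
    awk '
        function emit_record() {
            if (name != "" && uuid ~ /^CRYPT-/ && state != "SUSPENDED")
                print name
            name = ""; state = ""; uuid = ""
        }
        /^Name:/  { emit_record(); name = $2 }
        /^State:/ { state = $2 }
        /^UUID:/  { uuid = $2 }
        END       { emit_record() }
    '
}

# Succeeds only if no dm-crypt mapping on stdin is left unsuspended.
all_crypt_devices_suspended() {
    [ -z "$(unsuspended_crypt_devices)" ]
}

# Constructed sample: one suspended LUKS mapping, one that was missed,
# and one plain LVM volume that is not dm-crypt and must be ignored.
SAMPLE_DMSETUP_INFO='Name:              cryptroot
State:             SUSPENDED
Tables present:    LIVE
Open count:        1
UUID: CRYPT-LUKS2-00000000000000000000000000000001-cryptroot

Name:              cryptdata
State:             ACTIVE
Tables present:    LIVE
Open count:        1
UUID: CRYPT-LUKS2-00000000000000000000000000000002-cryptdata

Name:              vg0-scratch
State:             ACTIVE
Tables present:    LIVE
Open count:        0
UUID: LVM-constructedexampleuuid'

leftover=$(printf '%s\n' "$SAMPLE_DMSETUP_INFO" | unsuspended_crypt_devices)
echo "mappings still holding a key: ${leftover:-none}"
```

A suspend hook could refuse to sleep, or log loudly, when `all_crypt_devices_suspended` fails.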
Room: UA2.220 (Guillissen)
Scheduled start: 2020-02-02 08:00:00