Linux Gets Experimental Support For In-Kernel Hibernation Encryption

Written by Michael Larabel in Linux Kernel on 20 June 2018 at 06:12 AM EDT.

Intel's Chen Yu has sent out a set of patches providing experimental in-kernel encryption support for hibernation.

In particular, this support encrypts the hibernation image that is saved to disk during hibernation. There are already third-party ways to encrypt the hibernation image with an encrypted swap, whereas this new code from Intel is integrated within the kernel. Besides the kernel bits, user-space code is also needed for generating the encryption key.

1. The user space reads the salt from the kernel and generates a symmetric (AES) key based on the user's passphrase. Then the kernel uses that key to encrypt the hibernation image.
2. The salt will be saved in the image header and passed to the restore kernel.
3. During restore, the user space reads the salt from the kernel, prompts the user for the passphrase to generate the same key, and passes that key back to the kernel.
4. The restore kernel uses that key to decrypt the image.

The proposed crypto_hibernate user-space component uses a 512-bit AES key. This "request for comments" code for encrypted hibernation support in the kernel can be found via the kernel mailing list.
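
The salt and key flow from the four steps above, as an added Python sketch (not code from the patch series or from crypto_hibernate). The KDF (PBKDF2-HMAC-SHA512), the iteration count, the salt length and the header layout are assumptions; the article states only that a passphrase plus a kernel-provided salt yield a 512-bit key and that the salt travels in the image header.

```python
import hashlib
import os
import struct

# Assumptions (not taken from the patches): PBKDF2-HMAC-SHA512 as the KDF,
# the iteration count, the salt length and this header layout.
KDF_ITERATIONS = 100_000
SALT_LEN = 16
KEY_LEN = 64                      # 512 bits, the key size the article quotes
HEADER_MAGIC = b"HIBDEMO1"        # constructed magic value for this demo
HEADER_FMT = f"<8sH{SALT_LEN}s"   # magic, salt length, salt


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """User-space step: stretch the passphrase with the kernel-provided salt."""
    return hashlib.pbkdf2_hmac(
        "sha512", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=KEY_LEN
    )


def build_header(salt: bytes) -> bytes:
    """Hibernate side: only the salt goes into the image header, never the key."""
    return struct.pack(HEADER_FMT, HEADER_MAGIC, len(salt), salt)


def read_salt(header: bytes) -> bytes:
    """Restore side: recover the salt, rejecting a malformed header."""
    if len(header) != struct.calcsize(HEADER_FMT):
        raise ValueError("unexpected header size")
    magic, salt_len, salt = struct.unpack(HEADER_FMT, header)
    if magic != HEADER_MAGIC or salt_len != SALT_LEN:
        raise ValueError("not a valid demo hibernation header")
    return salt


def hibernate(passphrase: str) -> tuple[bytes, bytes]:
    """Steps 1-2: fresh salt, derived key for the kernel, header for the disk."""
    salt = os.urandom(SALT_LEN)
    return build_header(salt), derive_key(passphrase, salt)


def restore_key(header: bytes, passphrase: str) -> bytes:
    """Steps 3-4: re-derive the key from the stored salt and the typed passphrase."""
    return derive_key(passphrase, read_salt(header))


if __name__ == "__main__":
    header, key = hibernate("correct horse battery staple")
    print("same key on restore:", restore_key(header, "correct horse battery staple") == key)
    print("wrong passphrase matches:", restore_key(header, "guess") == key)
```

Because the salt sits unencrypted in the header, the image's confidentiality rests on the passphrase and the cost of the KDF, not on the salt staying secret.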