LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Remotely wiping mobile phones

Remotely wiping mobile phones

Posted Sep 20, 2010 16:13 UTC (Mon) by pkern (subscriber, #32883)
In reply to: Remotely wiping mobile phones by Tet
Parent article: Remotely wiping mobile phones

While this might be true for hibernation (aka suspend to disk), I don't know of a Linux distribution that does it on suspend to RAM.

In theory it could instruct the kernel to wipe the encryption keys from memory at suspend time. However, the whole LUKS cryptsetup infrastructure runs in userspace to verify the correctness of the keys, which would require some parts of userspace in RAM to be working for key input. Chicken, egg.

But then this only applies to full disk encryption / root partition encryption, userspace filesystems like ecryptfs could get triggered to forget the keys and re-prompt the user, I suppose.

(Log in to post comments)

Remotely wiping mobile phones

Posted Sep 28, 2010 13:37 UTC (Tue) by robbe (guest, #16131) [Link]

The plan:
* instruct the kernel to forget device keys before suspending
* run a daemon that is able to ask the user for her passphrase, and reinstate device keys on resume
* run without swap, or mlockall() all participating daemons/applications

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds