Remotely wiping mobile phones

Posted Sep 20, 2010 16:13 UTC (Mon) by pkern (subscriber, #32883)
In reply to: Remotely wiping mobile phones by Tet
Parent article: Remotely wiping mobile phones

While this might be true for hibernation (aka suspend to disk), I don't know of a Linux distribution that does it on suspend to RAM.

In theory it could instruct the kernel to wipe the encryption keys from memory at suspend time. However, the whole LUKS cryptsetup infrastructure runs in userspace to verify the correctness of the keys, which would require some parts of userspace in RAM to be working for key input. Chicken, egg.

But then this only applies to full disk encryption / root partition encryption; userspace filesystems like ecryptfs could get triggered to forget the keys and re-prompt the user, I suppose.



Remotely wiping mobile phones

Posted Sep 28, 2010 13:37 UTC (Tue) by robbe (subscriber, #16131)

The plan:
* instruct the kernel to forget device keys before suspending
* run a daemon that is able to ask the user for her passphrase, and reinstate device keys on resume
* run without swap, or mlockall() all participating daemons/applications
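
The plan above, sketched as a suspend wrapper for a non-root LUKS mapping. This is an added example, not code from either commenter. It assumes a mapping named `data` (constructed) that does not hold the `cryptsetup` binary, which sidesteps the chicken-and-egg problem raised earlier in the thread; `run`, `swap_active` and `suspend_with_key_wipe` are hypothetical helper names.

```shell
#!/bin/sh
# Added sketch: forget the LUKS key before suspend-to-RAM, re-prompt on resume.
# Defaults to a dry run that only prints the commands; set DRY_RUN=0 to execute.
DRY_RUN="${DRY_RUN:-1}"

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# True if any swap area is active. /proc/swaps has one header line;
# every further line is an active swap device or file.
swap_active() {
    tail -n +2 "${1:-/proc/swaps}" 2>/dev/null | grep -q .
}

suspend_with_key_wipe() {
    mapping="$1"
    swaps_file="${2:-/proc/swaps}"

    # "Run without swap": passphrases held by userspace must not reach disk.
    if swap_active "$swaps_file"; then
        echo "refusing to suspend: swap is active" >&2
        return 1
    fi

    run sync
    # luksSuspend blocks I/O on the mapping and wipes its key from kernel memory.
    run cryptsetup luksSuspend "$mapping" || return 1
    # Suspend to RAM; execution continues on the next line after wake-up.
    run sh -c 'echo mem > /sys/power/state'
    # luksResume prompts for the passphrase and reinstates the key.
    until run cryptsetup luksResume "$mapping"; do
        echo "passphrase rejected, try again" >&2
    done
}
```

To use it for real, source the file as root and call `DRY_RUN=0 suspend_with_key_wipe data`; any process with files open on the mapping stays blocked until `luksResume` succeeds.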

