In theory it could instruct the kernel to wipe the encryption keys from memory at suspend time. However, the whole LUKS cryptsetup infrastructure runs in userspace to verify the correctness of the keys, which would require some parts of userspace in RAM to be working for key input. Chicken, egg.
But then this only applies to full disk encryption / root partition encryption, userspace filesystems like ecryptfs could get triggered to forget the keys and re-prompt the user, I suppose.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds