Summary

Currently, turning on home encryption also turns on swap encryption. However, since a random boot password is used, it is not possible to resume from hibernation. Normal boot should not require any user input. Resume from hibernation should require any recently logged-in user to type in their password.
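An added check, not part of the original spec or of any Ubuntu tool: it reads a crypttab-format file and reports whether a mapping is keyed from a random device on every boot, which is the condition the summary describes as blocking resume. The function name swap_key_kind, the sample entries and the /dev/sda5 placeholder are assumptions; only the mapping name cryptswap1 comes from the Design section of this page.

```shell
#!/bin/sh
# Added example (not from the spec): report what kind of key an
# /etc/crypttab mapping uses, to tell whether swap contents can still
# be decrypted after a reboot (needed to resume from hibernation).

# swap_key_kind FILE NAME
# prints: ephemeral | persistent-luks | persistent-plain | missing
swap_key_kind() {
    kind=missing
    # crypttab fields: target name, source device, key file, options
    while read -r name _device keyfile options _rest; do
        [ "$name" = "$2" ] || continue   # also skips comments and blank lines
        case "$keyfile" in
            /dev/urandom|/dev/random)
                kind=ephemeral ;;        # fresh random key on every boot
            *)
                case ",$options," in
                    *,luks,*) kind=persistent-luks ;;   # key slots kept in the LUKS header
                    *)        kind=persistent-plain ;;  # plain dm-crypt, fixed key or passphrase
                esac ;;
        esac
    done < "$1"
    echo "$kind"
}

# Constructed sample entries; /dev/sda5 is a placeholder device and
# neither line is taken from the spec.
sample_random='cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256'
sample_luks='# LUKS-formatted swap (constructed)
cryptswap1 /dev/sda5 none luks'

for sample in "$sample_random" "$sample_luks"; do
    tmp=$(mktemp)
    printf '%s\n' "$sample" > "$tmp"
    echo "cryptswap1: $(swap_key_kind "$tmp" cryptswap1)"
    rm -f "$tmp"
done
```

An "ephemeral" result means the hibernation image written before power-off cannot be decrypted on the next boot; on a real system the file to pass is /etc/crypttab.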

Release Note

After turning on encrypted swap with hibernation support, the user will have to enter their login password to resume from hibernation.

Rationale

Hibernation should work.

User stories

Jane chooses an encrypted home directory as an install option. After the computer is installed, Jane logs in, then hibernates the computer. Jane resumes the computer at a later time, and enters her own login password when prompted by the resume process.

Jane changes her password. When she hibernates and resumes, she enters the new password, not her original one.

Jane reboots the computer. No input is required for booting.

Assumptions

Only one swap device is configured.

Design

On install, swap is set up with LUKS encryption. The swap device is /dev/mapper/cryptswap1.

On boot:

On shutdown:

On local login:

On change password:

Implementation

UI Changes

Change the initramfs configuration to ask the user for the swap password when needed.

Code Changes

New PAM module to handle local login and password change.

Migration

Write script to migrate to this setup from:

Test/Demo Plan

It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.

This need not be added or completed until the specification is nearing beta.

Unresolved issues

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.



EncryptedSwapWithHibernationSupport (last edited 2009-09-18 23:58:13 by niftybox)