path: root/Documentation/power/swsusp.txt
Diffstat (limited to 'Documentation/power/swsusp.txt')
-rw-r--r-- Documentation/power/swsusp.txt 83
1 files changed, 81 insertions, 2 deletions
diff --git a/Documentation/power/swsusp.txt b/Documentation/power/swsusp.txt
index 4e1627cc5b51..7a6b78966459 100644
--- a/Documentation/power/swsusp.txt
+++ b/Documentation/power/swsusp.txt
@@ -164,10 +164,11 @@ place where the thread is safe to be frozen (no kernel semaphores
164should be held at that point and it must be safe to sleep there), and 164should be held at that point and it must be safe to sleep there), and
165add: 165add:
166 166
167 try_to_freeze(); 167 try_to_freeze();
168 168
169If the thread is needed for writing the image to storage, you should 169If the thread is needed for writing the image to storage, you should
170instead set the PF_NOFREEZE process flag when creating the thread. 170instead set the PF_NOFREEZE process flag when creating the thread (and
171be very carefull).
171 172
172 173
173Q: What is the difference between between "platform", "shutdown" and 174Q: What is the difference between between "platform", "shutdown" and
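Review bot: The parenthetical added at new lines 170-171, "(and be very carefull)", misspells "careful" and does not say what the reader has to be careful about. Since this is the only guidance given for a thread that sets PF_NOFREEZE because it is needed for writing the image to storage, suggest replacing the parenthetical with a sentence that names the actual constraint on such a thread, or dropping it.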
@@ -232,3 +233,81 @@ A: Try running
232cat `cat /proc/[0-9]*/maps | grep / | sed 's:.* /:/:' | sort -u` > /dev/null 233cat `cat /proc/[0-9]*/maps | grep / | sed 's:.* /:/:' | sort -u` > /dev/null
233 234
234after resume. swapoff -a; swapon -a may also be usefull. 235after resume. swapoff -a; swapon -a may also be usefull.
236
237Q: What happens to devices during swsusp? They seem to be resumed
238during system suspend?
239
240A: That's correct. We need to resume them if we want to write image to
241disk. Whole sequence goes like
242
243 Suspend part
244 ~~~~~~~~~~~~
245 running system, user asks for suspend-to-disk
246
247 user processes are stopped
248
249 suspend(PMSG_FREEZE): devices are frozen so that they don't interfere
250 with state snapshot
251
252 state snapshot: copy of whole used memory is taken with interrupts disabled
253
254 resume(): devices are woken up so that we can write image to swap
255
256 write image to swap
257
258 suspend(PMSG_SUSPEND): suspend devices so that we can power off
259
260 turn the power off
261
262 Resume part
263 ~~~~~~~~~~~
264 (is actually pretty similar)
265
266 running system, user asks for suspend-to-disk
267
268 user processes are stopped (in common case there are none, but with resume-from-initrd, noone knows)
269
270 read image from disk
271
272 suspend(PMSG_FREEZE): devices are frozen so that they don't interfere
273 with image restoration
274
275 image restoration: rewrite memory with image
276
277 resume(): devices are woken up so that system can continue
278
279 thaw all user processes
280
281Q: What is this 'Encrypt suspend image' for?
282
283A: First of all: it is not a replacement for dm-crypt encrypted swap.
284It cannot protect your computer while it is suspended. Instead it does
285protect from leaking sensitive data after resume from suspend.
286
287Think of the following: you suspend while an application is running
288that keeps sensitive data in memory. The application itself prevents
289the data from being swapped out. Suspend, however, must write these
290data to swap to be able to resume later on. Without suspend encryption
291your sensitive data are then stored in plaintext on disk. This means
292that after resume your sensitive data are accessible to all
293applications having direct access to the swap device which was used
294for suspend. If you don't need swap after resume these data can remain
295on disk virtually forever. Thus it can happen that your system gets
296broken in weeks later and sensitive data which you thought were
297encrypted and protected are retrieved and stolen from the swap device.
298To prevent this situation you should use 'Encrypt suspend image'.
299
300During suspend a temporary key is created and this key is used to
301encrypt the data written to disk. When, during resume, the data was
302read back into memory the temporary key is destroyed which simply
303means that all data written to disk during suspend are then
304inaccessible so they can't be stolen later on. The only thing that
305you must then take care of is that you call 'mkswap' for the swap
306partition used for suspend as early as possible during regular
307boot. This asserts that any temporary key from an oopsed suspend or
308from a failed or aborted resume is erased from the swap device.
309
310As a rule of thumb use encrypted swap to protect your data while your
311system is shut down or suspended. Additionally use the encrypted
312suspend image to prevent sensitive data from being stolen after
313resume.
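Review bot: In the "Resume part" list, the first step at new line 266 repeats "running system, user asks for suspend-to-disk" from the suspend sequence, which does not describe how a resume begins; it should state the starting condition for resume, since the next steps are "read image from disk" and image restoration. In the 'Encrypt suspend image' answer, lines 307-308 say mkswap erases the temporary key "from the swap device", which implies the key is written to swap alongside the encrypted image; stating that explicitly near line 284 would explain why the option "cannot protect your computer while it is suspended" and why dm-crypt is still needed. Wording to fix while here: "noone" (268), "gets broken in weeks later" (295-296, presumably "broken into"), and "This asserts that" (307, "This ensures that").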