Diffstat (limited to 'Documentation/power/swsusp.txt')
-rw-r--r-- | Documentation/power/swsusp.txt | 83 |
1 files changed, 81 insertions, 2 deletions
diff --git a/Documentation/power/swsusp.txt b/Documentation/power/swsusp.txt index 4e1627cc5b51..7a6b78966459 100644 --- a/Documentation/power/swsusp.txt +++ b/Documentation/power/swsusp.txt | |||
@@ -164,10 +164,11 @@ place where the thread is safe to be frozen (no kernel semaphores | |||
164 | should be held at that point and it must be safe to sleep there), and | 164 | should be held at that point and it must be safe to sleep there), and |
165 | add: | 165 | add: |
166 | 166 | ||
167 | try_to_freeze(); | 167 | try_to_freeze(); |
168 | 168 | ||
169 | If the thread is needed for writing the image to storage, you should | 169 | If the thread is needed for writing the image to storage, you should |
170 | instead set the PF_NOFREEZE process flag when creating the thread. | 170 | instead set the PF_NOFREEZE process flag when creating the thread (and |
171 | be very carefull). | ||
171 | 172 | ||
172 | 173 | ||
173 | Q: What is the difference between between "platform", "shutdown" and | 174 | Q: What is the difference between between "platform", "shutdown" and |
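Review bot: The parenthetical added at new lines 170-171, "(and be very carefull)", misspells "careful" and does not say what the care is about. The surrounding text is about where a thread is safe to be frozen, and a PF_NOFREEZE thread is exempted from that because it is needed for writing the image, so the sentence should name the constraint such a thread has to respect rather than give a bare warning.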
@@ -232,3 +233,81 @@ A: Try running | |||
232 | cat `cat /proc/[0-9]*/maps | grep / | sed 's:.* /:/:' | sort -u` > /dev/null | 233 | cat `cat /proc/[0-9]*/maps | grep / | sed 's:.* /:/:' | sort -u` > /dev/null |
233 | 234 | ||
234 | after resume. swapoff -a; swapon -a may also be usefull. | 235 | after resume. swapoff -a; swapon -a may also be usefull. |
236 | |||
237 | Q: What happens to devices during swsusp? They seem to be resumed | ||
238 | during system suspend? | ||
239 | |||
240 | A: That's correct. We need to resume them if we want to write image to | ||
241 | disk. Whole sequence goes like | ||
242 | |||
243 | Suspend part | ||
244 | ~~~~~~~~~~~~ | ||
245 | running system, user asks for suspend-to-disk | ||
246 | |||
247 | user processes are stopped | ||
248 | |||
249 | suspend(PMSG_FREEZE): devices are frozen so that they don't interfere | ||
250 | with state snapshot | ||
251 | |||
252 | state snapshot: copy of whole used memory is taken with interrupts disabled | ||
253 | |||
254 | resume(): devices are woken up so that we can write image to swap | ||
255 | |||
256 | write image to swap | ||
257 | |||
258 | suspend(PMSG_SUSPEND): suspend devices so that we can power off | ||
259 | |||
260 | turn the power off | ||
261 | |||
262 | Resume part | ||
263 | ~~~~~~~~~~~ | ||
264 | (is actually pretty similar) | ||
265 | |||
266 | running system, user asks for suspend-to-disk | ||
267 | |||
268 | user processes are stopped (in common case there are none, but with resume-from-initrd, noone knows) | ||
269 | |||
270 | read image from disk | ||
271 | |||
272 | suspend(PMSG_FREEZE): devices are frozen so that they don't interfere | ||
273 | with image restoration | ||
274 | |||
275 | image restoration: rewrite memory with image | ||
276 | |||
277 | resume(): devices are woken up so that system can continue | ||
278 | |||
279 | thaw all user processes | ||
280 | |||
281 | Q: What is this 'Encrypt suspend image' for? | ||
282 | |||
283 | A: First of all: it is not a replacement for dm-crypt encrypted swap. | ||
284 | It cannot protect your computer while it is suspended. Instead it does | ||
285 | protect from leaking sensitive data after resume from suspend. | ||
286 | |||
287 | Think of the following: you suspend while an application is running | ||
288 | that keeps sensitive data in memory. The application itself prevents | ||
289 | the data from being swapped out. Suspend, however, must write these | ||
290 | data to swap to be able to resume later on. Without suspend encryption | ||
291 | your sensitive data are then stored in plaintext on disk. This means | ||
292 | that after resume your sensitive data are accessible to all | ||
293 | applications having direct access to the swap device which was used | ||
294 | for suspend. If you don't need swap after resume these data can remain | ||
295 | on disk virtually forever. Thus it can happen that your system gets | ||
296 | broken in weeks later and sensitive data which you thought were | ||
297 | encrypted and protected are retrieved and stolen from the swap device. | ||
298 | To prevent this situation you should use 'Encrypt suspend image'. | ||
299 | |||
300 | During suspend a temporary key is created and this key is used to | ||
301 | encrypt the data written to disk. When, during resume, the data was | ||
302 | read back into memory the temporary key is destroyed which simply | ||
303 | means that all data written to disk during suspend are then | ||
304 | inaccessible so they can't be stolen later on. The only thing that | ||
305 | you must then take care of is that you call 'mkswap' for the swap | ||
306 | partition used for suspend as early as possible during regular | ||
307 | boot. This asserts that any temporary key from an oopsed suspend or | ||
308 | from a failed or aborted resume is erased from the swap device. | ||
309 | |||
310 | As a rule of thumb use encrypted swap to protect your data while your | ||
311 | system is shut down or suspended. Additionally use the encrypted | ||
312 | suspend image to prevent sensitive data from being stolen after | ||
313 | resume. | ||
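Review bot: In the 'Encrypt suspend image' answer (new lines 300-308), the text only implies that the temporary key is kept on the swap device ("erased from the swap device") and never states it, so a reader cannot tell that after an oopsed suspend or a failed or aborted resume the image on disk stays decryptable until 'mkswap' runs. Suggest saying explicitly where the key is stored, and replacing "This asserts that" with "This ensures that", since nothing is being checked there. Separately, new line 266 opens the "Resume part" with "running system, user asks for suspend-to-disk", which looks copied from the suspend sequence and should describe the resume starting point; "noone" on new line 268 should be "no one".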