diff options
Diffstat (limited to 'Documentation/power')
-rw-r--r-- | Documentation/power/swsusp-dmcrypt.txt | 138 | ||||
-rw-r--r-- | Documentation/power/swsusp.txt | 102 | ||||
-rw-r--r-- | Documentation/power/video.txt | 10 |
3 files changed, 207 insertions, 43 deletions
diff --git a/Documentation/power/swsusp-dmcrypt.txt b/Documentation/power/swsusp-dmcrypt.txt new file mode 100644 index 000000000000..59931b46ff7e --- /dev/null +++ b/Documentation/power/swsusp-dmcrypt.txt | |||
@@ -0,0 +1,138 @@ | |||
1 | Author: Andreas Steinmetz <ast@domdv.de> | ||
2 | |||
3 | |||
4 | How to use dm-crypt and swsusp together: | ||
5 | ======================================== | ||
6 | |||
7 | Some prerequisites: | ||
8 | You know how dm-crypt works. If not, visit the following web page: | ||
9 | http://www.saout.de/misc/dm-crypt/ | ||
10 | You have read Documentation/power/swsusp.txt and understand it. | ||
11 | You did read Documentation/initrd.txt and know how an initrd works. | ||
12 | You know how to create or how to modify an initrd. | ||
13 | |||
14 | Now your system is properly set up, your disk is encrypted except for | ||
15 | the swap device(s) and the boot partition which may contain a mini | ||
16 | system for crypto setup and/or rescue purposes. You may even have | ||
17 | an initrd that does your current crypto setup already. | ||
18 | |||
19 | At this point you want to encrypt your swap, too. Still you want to | ||
20 | be able to suspend using swsusp. This, however, means that you | ||
21 | have to be able to either enter a passphrase or that you read | ||
22 | the key(s) from an external device like a pcmcia flash disk | ||
23 | or an usb stick prior to resume. So you need an initrd, that sets | ||
24 | up dm-crypt and then asks swsusp to resume from the encrypted | ||
25 | swap device. | ||
26 | |||
27 | The most important thing is that you set up dm-crypt in such | ||
28 | a way that the swap device you suspend to/resume from has | ||
29 | always the same major/minor within the initrd as well as | ||
30 | within your running system. The easiest way to achieve this is | ||
31 | to always set up this swap device first with dmsetup, so that | ||
32 | it will always look like the following: | ||
33 | |||
34 | brw------- 1 root root 254, 0 Jul 28 13:37 /dev/mapper/swap0 | ||
35 | |||
36 | Now set up your kernel to use /dev/mapper/swap0 as the default | ||
37 | resume partition, so your kernel .config contains: | ||
38 | |||
39 | CONFIG_PM_STD_PARTITION="/dev/mapper/swap0" | ||
40 | |||
41 | Prepare your boot loader to use the initrd you will create or | ||
42 | modify. For lilo the simplest setup looks like the following | ||
43 | lines: | ||
44 | |||
45 | image=/boot/vmlinuz | ||
46 | initrd=/boot/initrd.gz | ||
47 | label=linux | ||
48 | append="root=/dev/ram0 init=/linuxrc rw" | ||
49 | |||
50 | Finally you need to create or modify your initrd. Lets assume | ||
51 | you create an initrd that reads the required dm-crypt setup | ||
52 | from a pcmcia flash disk card. The card is formatted with an ext2 | ||
53 | fs which resides on /dev/hde1 when the card is inserted. The | ||
54 | card contains at least the encrypted swap setup in a file | ||
55 | named "swapkey". /etc/fstab of your initrd contains something | ||
56 | like the following: | ||
57 | |||
58 | /dev/hda1 /mnt ext3 ro 0 0 | ||
59 | none /proc proc defaults,noatime,nodiratime 0 0 | ||
60 | none /sys sysfs defaults,noatime,nodiratime 0 0 | ||
61 | |||
62 | /dev/hda1 contains an unencrypted mini system that sets up all | ||
63 | of your crypto devices, again by reading the setup from the | ||
64 | pcmcia flash disk. What follows now is a /linuxrc for your | ||
65 | initrd that allows you to resume from encrypted swap and that | ||
66 | continues boot with your mini system on /dev/hda1 if resume | ||
67 | does not happen: | ||
68 | |||
69 | #!/bin/sh | ||
70 | PATH=/sbin:/bin:/usr/sbin:/usr/bin | ||
71 | mount /proc | ||
72 | mount /sys | ||
73 | mapped=0 | ||
74 | noresume=`grep -c noresume /proc/cmdline` | ||
75 | if [ "$*" != "" ] | ||
76 | then | ||
77 | noresume=1 | ||
78 | fi | ||
79 | dmesg -n 1 | ||
80 | /sbin/cardmgr -q | ||
81 | for i in 1 2 3 4 5 6 7 8 9 0 | ||
82 | do | ||
83 | if [ -f /proc/ide/hde/media ] | ||
84 | then | ||
85 | usleep 500000 | ||
86 | mount -t ext2 -o ro /dev/hde1 /mnt | ||
87 | if [ -f /mnt/swapkey ] | ||
88 | then | ||
89 | dmsetup create swap0 /mnt/swapkey > /dev/null 2>&1 && mapped=1 | ||
90 | fi | ||
91 | umount /mnt | ||
92 | break | ||
93 | fi | ||
94 | usleep 500000 | ||
95 | done | ||
96 | killproc /sbin/cardmgr | ||
97 | dmesg -n 6 | ||
98 | if [ $mapped = 1 ] | ||
99 | then | ||
100 | if [ $noresume != 0 ] | ||
101 | then | ||
102 | mkswap /dev/mapper/swap0 > /dev/null 2>&1 | ||
103 | fi | ||
104 | echo 254:0 > /sys/power/resume | ||
105 | dmsetup remove swap0 | ||
106 | fi | ||
107 | umount /sys | ||
108 | mount /mnt | ||
109 | umount /proc | ||
110 | cd /mnt | ||
111 | pivot_root . mnt | ||
112 | mount /proc | ||
113 | umount -l /mnt | ||
114 | umount /proc | ||
115 | exec chroot . /sbin/init $* < dev/console > dev/console 2>&1 | ||
116 | |||
117 | Please don't mind the weird loop above, busybox's msh doesn't know | ||
118 | the let statement. Now, what is happening in the script? | ||
119 | First we have to decide if we want to try to resume, or not. | ||
120 | We will not resume if booting with "noresume" or any parameters | ||
121 | for init like "single" or "emergency" as boot parameters. | ||
122 | |||
123 | Then we need to set up dmcrypt with the setup data from the | ||
124 | pcmcia flash disk. If this succeeds we need to reset the swap | ||
125 | device if we don't want to resume. The line "echo 254:0 > /sys/power/resume" | ||
126 | then attempts to resume from the first device mapper device. | ||
127 | Note that it is important to set the device in /sys/power/resume, | ||
128 | regardless if resuming or not, otherwise later suspend will fail. | ||
129 | If resume starts, script execution terminates here. | ||
130 | |||
131 | Otherwise we just remove the encrypted swap device and leave it to the | ||
132 | mini system on /dev/hda1 to set the whole crypto up (it is up to | ||
133 | you to modify this to your taste). | ||
134 | |||
135 | What then follows is the well known process to change the root | ||
136 | file system and continue booting from there. I prefer to unmount | ||
137 | the initrd prior to continue booting but it is up to you to modify | ||
138 | this. | ||
diff --git a/Documentation/power/swsusp.txt b/Documentation/power/swsusp.txt index 7a6b78966459..b0d50840788e 100644 --- a/Documentation/power/swsusp.txt +++ b/Documentation/power/swsusp.txt | |||
@@ -1,22 +1,20 @@ | |||
1 | From kernel/suspend.c: | 1 | Some warnings, first. |
2 | 2 | ||
3 | * BIG FAT WARNING ********************************************************* | 3 | * BIG FAT WARNING ********************************************************* |
4 | * | 4 | * |
5 | * If you have unsupported (*) devices using DMA... | ||
6 | * ...say goodbye to your data. | ||
7 | * | ||
8 | * If you touch anything on disk between suspend and resume... | 5 | * If you touch anything on disk between suspend and resume... |
9 | * ...kiss your data goodbye. | 6 | * ...kiss your data goodbye. |
10 | * | 7 | * |
11 | * If your disk driver does not support suspend... (IDE does) | 8 | * If you do resume from initrd after your filesystems are mounted... |
12 | * ...you'd better find out how to get along | 9 | * ...bye bye root partition. |
13 | * without your data. | 10 | * [this is actually same case as above] |
14 | * | ||
15 | * If you change kernel command line between suspend and resume... | ||
16 | * ...prepare for nasty fsck or worse. | ||
17 | * | 11 | * |
18 | * If you change your hardware while system is suspended... | 12 | * If you have unsupported (*) devices using DMA, you may have some |
19 | * ...well, it was not good idea. | 13 | * problems. If your disk driver does not support suspend... (IDE does), |
14 | * it may cause some problems, too. If you change kernel command line | ||
15 | * between suspend and resume, it may do something wrong. If you change | ||
16 | * your hardware while system is suspended... well, it was not good idea; | ||
17 | * but it will probably only crash. | ||
20 | * | 18 | * |
21 | * (*) suspend/resume support is needed to make it safe. | 19 | * (*) suspend/resume support is needed to make it safe. |
22 | 20 | ||
@@ -30,6 +28,13 @@ echo shutdown > /sys/power/disk; echo disk > /sys/power/state | |||
30 | echo platform > /sys/power/disk; echo disk > /sys/power/state | 28 | echo platform > /sys/power/disk; echo disk > /sys/power/state |
31 | 29 | ||
32 | 30 | ||
31 | Encrypted suspend image: | ||
32 | ------------------------ | ||
33 | If you want to store your suspend image encrypted with a temporary | ||
34 | key to prevent data gathering after resume you must compile | ||
35 | crypto and the aes algorithm into the kernel - modules won't work | ||
36 | as they cannot be loaded at resume time. | ||
37 | |||
33 | 38 | ||
34 | Article about goals and implementation of Software Suspend for Linux | 39 | Article about goals and implementation of Software Suspend for Linux |
35 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 40 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
@@ -85,11 +90,6 @@ resume. | |||
85 | You have your server on UPS. Power died, and UPS is indicating 30 | 90 | You have your server on UPS. Power died, and UPS is indicating 30 |
86 | seconds to failure. What do you do? Suspend to disk. | 91 | seconds to failure. What do you do? Suspend to disk. |
87 | 92 | ||
88 | Ethernet card in your server died. You want to replace it. Your | ||
89 | server is not hotplug capable. What do you do? Suspend to disk, | ||
90 | replace ethernet card, resume. If you are fast your users will not | ||
91 | even see broken connections. | ||
92 | |||
93 | 93 | ||
94 | Q: Maybe I'm missing something, but why don't the regular I/O paths work? | 94 | Q: Maybe I'm missing something, but why don't the regular I/O paths work? |
95 | 95 | ||
@@ -117,31 +117,6 @@ Q: Does linux support ACPI S4? | |||
117 | 117 | ||
118 | A: Yes. That's what echo platform > /sys/power/disk does. | 118 | A: Yes. That's what echo platform > /sys/power/disk does. |
119 | 119 | ||
120 | Q: My machine doesn't work with ACPI. How can I use swsusp than ? | ||
121 | |||
122 | A: Do a reboot() syscall with right parameters. Warning: glibc gets in | ||
123 | its way, so check with strace: | ||
124 | |||
125 | reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, 0xd000fce2) | ||
126 | |||
127 | (Thanks to Peter Osterlund:) | ||
128 | |||
129 | #include <unistd.h> | ||
130 | #include <syscall.h> | ||
131 | |||
132 | #define LINUX_REBOOT_MAGIC1 0xfee1dead | ||
133 | #define LINUX_REBOOT_MAGIC2 672274793 | ||
134 | #define LINUX_REBOOT_CMD_SW_SUSPEND 0xD000FCE2 | ||
135 | |||
136 | int main() | ||
137 | { | ||
138 | syscall(SYS_reboot, LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, | ||
139 | LINUX_REBOOT_CMD_SW_SUSPEND, 0); | ||
140 | return 0; | ||
141 | } | ||
142 | |||
143 | Also /sys/ interface should be still present. | ||
144 | |||
145 | Q: What is 'suspend2'? | 120 | Q: What is 'suspend2'? |
146 | 121 | ||
147 | A: suspend2 is 'Software Suspend 2', a forked implementation of | 122 | A: suspend2 is 'Software Suspend 2', a forked implementation of |
@@ -311,3 +286,46 @@ As a rule of thumb use encrypted swap to protect your data while your | |||
311 | system is shut down or suspended. Additionally use the encrypted | 286 | system is shut down or suspended. Additionally use the encrypted |
312 | suspend image to prevent sensitive data from being stolen after | 287 | suspend image to prevent sensitive data from being stolen after |
313 | resume. | 288 | resume. |
289 | |||
290 | Q: Why can't we suspend to a swap file? | ||
291 | |||
292 | A: Because accessing swap file needs the filesystem mounted, and | ||
293 | filesystem might do something wrong (like replaying the journal) | ||
294 | during mount. | ||
295 | |||
296 | There are few ways to get that fixed: | ||
297 | |||
298 | 1) Probably could be solved by modifying every filesystem to support | ||
299 | some kind of "really read-only!" option. Patches welcome. | ||
300 | |||
301 | 2) suspend2 gets around that by storing absolute positions in on-disk | ||
302 | image (and blocksize), with resume parameter pointing directly to | ||
303 | suspend header. | ||
304 | |||
305 | Q: Is there a maximum system RAM size that is supported by swsusp? | ||
306 | |||
307 | A: It should work okay with highmem. | ||
308 | |||
309 | Q: Does swsusp (to disk) use only one swap partition or can it use | ||
310 | multiple swap partitions (aggregate them into one logical space)? | ||
311 | |||
312 | A: Only one swap partition, sorry. | ||
313 | |||
314 | Q: If my application(s) causes lots of memory & swap space to be used | ||
315 | (over half of the total system RAM), is it correct that it is likely | ||
316 | to be useless to try to suspend to disk while that app is running? | ||
317 | |||
318 | A: No, it should work okay, as long as your app does not mlock() | ||
319 | it. Just prepare big enough swap partition. | ||
320 | |||
321 | Q: What information is usefull for debugging suspend-to-disk problems? | ||
322 | |||
323 | A: Well, last messages on the screen are always useful. If something | ||
324 | is broken, it is usually some kernel driver, therefore trying with as | ||
325 | little as possible modules loaded helps a lot. I also prefer people to | ||
326 | suspend from console, preferably without X running. Booting with | ||
327 | init=/bin/bash, then swapon and starting suspend sequence manually | ||
328 | usually does the trick. Then it is good idea to try with latest | ||
329 | vanilla kernel. | ||
330 | |||
331 | |||
diff --git a/Documentation/power/video.txt b/Documentation/power/video.txt index 7a4a5036d123..526d6dd267ea 100644 --- a/Documentation/power/video.txt +++ b/Documentation/power/video.txt | |||
@@ -46,6 +46,12 @@ There are a few types of systems where video works after S3 resume: | |||
46 | POSTing bios works. Ole Rohne has patch to do just that at | 46 | POSTing bios works. Ole Rohne has patch to do just that at |
47 | http://dev.gentoo.org/~marineam/patch-radeonfb-2.6.11-rc2-mm2. | 47 | http://dev.gentoo.org/~marineam/patch-radeonfb-2.6.11-rc2-mm2. |
48 | 48 | ||
49 | (8) on some systems, you can use the video_post utility mentioned here: | ||
50 | http://bugzilla.kernel.org/show_bug.cgi?id=3670. Do echo 3 > /sys/power/state | ||
51 | && /usr/sbin/video_post - which will initialize the display in console mode. | ||
52 | If you are in X, you can switch to a virtual terminal and back to X using | ||
53 | CTRL+ALT+F1 - CTRL+ALT+F7 to get the display working in graphical mode again. | ||
54 | |||
49 | Now, if you pass acpi_sleep=something, and it does not work with your | 55 | Now, if you pass acpi_sleep=something, and it does not work with your |
50 | bios, you'll get a hard crash during resume. Be careful. Also it is | 56 | bios, you'll get a hard crash during resume. Be careful. Also it is |
51 | safest to do your experiments with plain old VGA console. The vesafb | 57 | safest to do your experiments with plain old VGA console. The vesafb |
@@ -64,7 +70,8 @@ Model hack (or "how to do it") | |||
64 | ------------------------------------------------------------------------------ | 70 | ------------------------------------------------------------------------------ |
65 | Acer Aspire 1406LC ole's late BIOS init (7), turn off DRI | 71 | Acer Aspire 1406LC ole's late BIOS init (7), turn off DRI |
66 | Acer TM 242FX vbetool (6) | 72 | Acer TM 242FX vbetool (6) |
67 | Acer TM C300 vga=normal (only suspend on console, not in X), vbetool (6) | 73 | Acer TM C110 video_post (8) |
74 | Acer TM C300 vga=normal (only suspend on console, not in X), vbetool (6) or video_post (8) | ||
68 | Acer TM 4052LCi s3_bios (2) | 75 | Acer TM 4052LCi s3_bios (2) |
69 | Acer TM 636Lci s3_bios vga=normal (2) | 76 | Acer TM 636Lci s3_bios vga=normal (2) |
70 | Acer TM 650 (Radeon M7) vga=normal plus boot-radeon (5) gets text console back | 77 | Acer TM 650 (Radeon M7) vga=normal plus boot-radeon (5) gets text console back |
@@ -113,6 +120,7 @@ IBM ThinkPad T42p (2373-GTG) s3_bios (2) | |||
113 | IBM TP X20 ??? (*) | 120 | IBM TP X20 ??? (*) |
114 | IBM TP X30 s3_bios (2) | 121 | IBM TP X30 s3_bios (2) |
115 | IBM TP X31 / Type 2672-XXH none (1), use radeontool (http://fdd.com/software/radeon/) to turn off backlight. | 122 | IBM TP X31 / Type 2672-XXH none (1), use radeontool (http://fdd.com/software/radeon/) to turn off backlight. |
123 | IBM TP X32 none (1), but backlight is on and video is trashed after long suspend | ||
116 | IBM Thinkpad X40 Type 2371-7JG s3_bios,s3_mode (4) | 124 | IBM Thinkpad X40 Type 2371-7JG s3_bios,s3_mode (4) |
117 | Medion MD4220 ??? (*) | 125 | Medion MD4220 ??? (*) |
118 | Samsung P35 vbetool needed (6) | 126 | Samsung P35 vbetool needed (6) |