Since Linux 6.9 (May 2024), the LUKS encryption key remained resident in memory across suspend

14 points by PuercoPop


jss

This is specifically talking about the luksSuspend hook, which can be called before the system goes to sleep (suspends), to lock the drive whilst still keeping all other state in RAM.

Confused me a bit, because I expected the behavior to be that the LUKS key remains in RAM while a system sleeping. Admittedly I usually power down my laptop completely between uses, so I've never looked into this

ecksdee

Is this default behavior? Because I would assume you'd need to re-enter the key after resuming from suspend