Linux LUKS Suspend Security Issue
Executive TL;DR:
- Linux 6.9 and later versions do not wipe disk-encryption keys from memory when suspending.
- This could expose sensitive data if an attacker gains access to the system’s memory.
- Users are advised to use hibernate instead of suspend to maintain security.
The Internet’s Verdict: 70% Hyped, 30% Skeptical
Understanding the Issue
Since Linux 6.9, the LUKS suspend feature no longer wipes disk-encryption keys from memory, raising security concerns among users.
Forum Voices
Users have expressed their concerns on forums, with one user stating:
I don’t have to re-enter my boot password after Sleep, so obviously the encryption key is still in memory.
Another user explains the difference between suspend and hibernate:
I don’t see any other way? When you sleep (suspend to RAM), everything is stored in RAM and is encrypted but the master key is present in kernel memory (if I recall correctly). However, if you hibernate (suspend to disk) the entire contents of RAM (including the master key) is written/encrypted to disk and the RAM is cleared. When you wake the machine up you have to re-enter the passphrase to decrypt the master key to re-load disk contents back to memory.
A third user comments on the complexity of Linux:
Definitely not a symptom of Linux being a hodgepodge of code thrown together from a thousand different sources and no one person could tell you how it all fits.
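To act on the advice to prefer hibernate over suspend, a host can be checked for which sleep actions keep RAM powered. The script below is an added example, not part of the original page or the quoted forum posts. It assumes a systemd-logind system whose documented defaults for HandleLidSwitch and HandleSuspendKey are suspend, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: audit which sleep actions keep RAM powered on this host.

# supports_hibernate FILE: true if "disk" is listed (FILE is /sys/power/state).
supports_hibernate() { grep -qw disk "$1" 2>/dev/null; }

# active_mem_sleep FILE: print the bracketed mode from /sys/power/mem_sleep.
active_mem_sleep() { sed -n 's/.*\[\([a-z0-9_]*\)\].*/\1/p' "$1" 2>/dev/null; }

# effective_action FILE KEY DEFAULT: last uncommented KEY= value in a
# logind.conf-style FILE, or DEFAULT when KEY is unset. Drop-in directories
# (logind.conf.d) are not read here.
effective_action() {
    v=$(awk -F= -v k="$2" '
        { gsub(/[ \t]/, "", $1) }
        $1 == k { gsub(/[ \t]/, "", $2); v = $2 }
        END { print v }' "$1" 2>/dev/null) || v=
    echo "${v:-$3}"
}

# keeps_ram_powered ACTION: true for actions that suspend to RAM at any stage.
keeps_ram_powered() {
    case "$1" in
        suspend|hybrid-sleep|suspend-then-hibernate) return 0 ;;
        *) return 1 ;;
    esac
}

report() {  # report STATE_FILE MEM_SLEEP_FILE LOGIND_CONF
    if supports_hibernate "$1"; then echo "hibernate: available"
    else echo "hibernate: not offered by this kernel/firmware"; fi
    echo "suspend-to-RAM mode: $(active_mem_sleep "$2")"
    # Defaults below are logind's documented defaults for these two keys.
    for pair in HandleLidSwitch:suspend HandleSuspendKey:suspend; do
        key=${pair%%:*}
        act=$(effective_action "$3" "$key" "${pair#*:}")
        if keeps_ram_powered "$act"; then
            echo "$key=$act (RAM stays powered; consider hibernate)"
        else
            echo "$key=$act"
        fi
    done
}

if [ -r /sys/power/state ]; then
    report /sys/power/state /sys/power/mem_sleep /etc/systemd/logind.conf
fi
```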