A key is available in a virtual machine memory dump #2
Comments
Hi @itdoginfo, The purpose of luks-suspend is to close an encrypted luks volume when suspending to ram, and then to open it when resuming from S3 sleep. It is a wrapper around the luks cryptsetup tool. If this software is running as expected, the key should not be in memory while the machine is suspended. How did you suspend the VM? Did you use the xfce gui, run systemctl suspend, execute a virsh suspend command, or something else? Thanks for your assistance!
Hello!
@itdoginfo I think the problem here is that you're not suspending the machine in Linux terms. You just suspend it with libvirt. Therefore, the closing of luks volumes never actually happens. Could this be the case? Do you have to enter the luks password when you're resuming the machine?
Thanks @t2d! For a bit more context: The proper way to trigger a suspend from virsh is to run In order to get a proper memory dump of the suspended state, you would need to suspend from inside the guest using
Salute! Will it work on Debian 9.11?
Hi @Stephanie8887! It should, but be prepared for occasional freezes on suspend as this code is still in the testing stages, even with a recompiled kernel as described in the README. On the positive side, this kernel patch has recently been submitted for review, so if it's approved, recompiling the kernel would no longer be necessary for a good experience :)
I use KVM on Ubuntu 18.04, with VMs running Debian 10 and 9. Tried with Xfce and with no GUI, if that makes sense.
During the Debian installation, I encrypted the disk. Nothing special, LVM + LUKS.
When the system is loaded, I make a memory dump
And find AES in the dump
Then I install debian-luks-suspend and reboot
Enter the pass and repeat
As you can see, the key is still available. I was able to open an encrypted container by converting this key.
I also tried to suspend the VM and make a dump. The result is the same.
Maybe I misunderstood the purpose of luks-suspend?
Let me know if you need any details.