mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-11 10:50:01 +01:00
44c6a76b09
It should not be expected that suspend operation wipes possible plaintext data from memory. Related: #855
38 lines
1.0 KiB
Plaintext
38 lines
1.0 KiB
Plaintext
= cryptsetup-luksSuspend(8)
|
|
:doctype: manpage
|
|
:manmanual: Maintenance Commands
|
|
:mansource: cryptsetup {release-version}
|
|
:man-linkstyle: pass:[blue R < >]
|
|
:COMMON_OPTIONS:
|
|
:ACTION_LUKSSUSPEND:
|
|
|
|
== Name
|
|
|
|
cryptsetup-luksSuspend - suspends an active device and wipes the key
|
|
|
|
== SYNOPSIS
|
|
|
|
*cryptsetup _luksSuspend_ [<options>] <name>*
|
|
|
|
== DESCRIPTION
|
|
|
|
Suspends an active device (all IO operations will block and accesses to
|
|
the device will wait indefinitely) and wipes the encryption key from
|
|
kernel memory. Needs kernel 2.6.19 or later.
|
|
|
|
While the _luksSuspend_ operation wipes encryption keys from memory,
|
|
it does not remove possible plaintext data in various caches or in-kernel
|
|
metadata for mounted filesystems.
|
|
|
|
After this operation, you have to use _luksResume_ to reinstate the
|
|
encryption key and unblock the device or _close_ to remove the mapped
|
|
device.
|
|
|
|
*<options>* can be [--header, --disable-locks].
|
|
|
|
*WARNING:* Never suspend the device on which the cryptsetup binary
|
|
resides.
|
|
|
|
include::man/common_options.adoc[]
|
|
include::man/common_footer.adoc[]
|