Full-Disk Encryption LUKS and Locked-Screen

Hi, Nathan!

There are some tools that are supposed to unmount LUKS-encrypted partitions and wipe the encryption keys from memory when the screen is locked (or the system is suspended). Have you ever tried one of these? Do they really reliably protect disk-encryption keys?

E.g. the yubikey-luks module (Cornelinux) you mentioned in the course (Vol2) can do that too. And also this one for Ubuntu, ubuntu-luks-suspend (zhongfu), which yubikey-luks is based on.

The use of full-disk encryption is really limited if it does not work when the screen is locked. If such modules can really remove the keys from memory, the value of full-disk encryption would be highly elevated!

What do you think of such modules?



Hi, the ubuntu-luks-suspend is good in this case, but the author of the tool has archived the project. I don’t know if it works as intended without any issues or not. I have found this article to be more helpful than others: How to make suspend to RAM secure on Ubuntu with full disk encryption (LVM on top of LUKS)? - Super User. To answer your question about whether these modules are good or not: yes, they are. luksSuspend and luksResume were added to LUKS to achieve this.

Thanks! If these modules work reliably, the respective course sections could be updated to mention them (at least briefly)!

Thanks for the feedback. We will update it.