Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
SED drive issues after suspend #29
I have an Acer Inspire laptop and have replaced the original HDD with a Samsung 850 EVO. I am running Kubuntu 15.10 and have successfully installed sedutil, set up a BIOS-based PBA and generally got encryption working.
So far so good. However, when the laptop wakes up from suspend I get problems. Most executables stop working, the klog contains errors and the only way out is to reboot. After a reboot everything works fine again. I was wondering if the cause of this might be that suspend is totally powering down the drive, thus re-encrypting it so that on wake only the PBA would be available. Does this seem possible / likely? Is OPAL even supposed to work with suspend? And if it is supposed to work, are there certain power management settings I should look for to prevent the SSD being turned off during suspend?
Alternatively, is there a way of decrypting the drive again after the system wakes from suspend? I guess I would need to keep a copy of sedutil in a ramdisk but that's easy enough. Whether the system would accept that the "missing" SSD had returned to life would be another question, I guess.
Anyway, thanks for making such a useful tool.
Edit: I've just seen the note that S3 is not supported. Is this something that can / will be added in the future, or is it simply not compatible?
Are there any power-saving settings short of S3 that can be implemented in this situation, or am I just stuck with cutting power to the screen when the lid is shut?
S3 can be supported although it will require a unique solution for each OS, that presents maintenance issues for a small group like ours. I don't expect us to tackle that in the short term. S3 also exposes you to several additional attack vectors.
You can use Hibernation instead of sleep, most modern laptops with a single SSD boot quickly enough that it isn't to much of a problem. If you do go this route and have issues you will need to disable the locking and PBA to determine if your problem is a Linux configuration issue or a sedutil issue.
I usually suggest that you disable locking and the PBA, verify that hibernation is working for your hardware/distro combination and then re-enable locking and the PBA.
Thanks. The security risk of S3 is acceptable to me - it would be useful around the home when leaving the laptop unused for an hour or so, but I can use S0 [freeze] for that for the time being. Not as much power savings but that's okay. I'm not interested in hibernate, I've found it unreliable on linux in the past and I want to avoid the writes to the SSD; if I'm leaving the laptop for long enough to make hibernate worthwhile I'll just turn it off. I'm looking forward to seeing how the project develops in the future!