Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SED drive issues after suspend #29

Closed
ajeb78 opened this issue Mar 8, 2016 · 3 comments

Comments

@ajeb78
Copy link

commented Mar 8, 2016

I have an Acer Inspire laptop and have replaced the original HDD with a Samsung 850 EVO. I am running Kubuntu 15.10 and have successfully installed sedutil, set up a BIOS-based PBA and generally got encryption working.

So far so good. However, when the laptop wakes up from suspend I get problems. Most executables stop working, the klog contains errors and the only way out is to reboot. After a reboot everything works fine again. I was wondering if the cause of this might be that suspend is totally powering down the drive, thus re-encrypting it so that on wake only the PBA would be available. Does this seem possible / likely? Is OPAL even supposed to work with suspend? And if it is supposed to work, are there certain power management settings I should look for to prevent the SSD being turned off during suspend?

Alternatively, is there a way of decrypting the drive again after the system wakes from suspend? I guess I would need to keep a copy of sedutil in a ramdisk but that's easy enough. Whether the system would accept that the "missing" SSD had returned to life would be another question, I guess.

Anyway, thanks for making such a useful tool.

Regards,

Adrian.

@ajeb78

This comment has been minimized.

Copy link
Author

commented Mar 8, 2016

Edit: I've just seen the note that S3 is not supported. Is this something that can / will be added in the future, or is it simply not compatible?

Are there any power-saving settings short of S3 that can be implemented in this situation, or am I just stuck with cutting power to the screen when the lid is shut?

@r0m30

This comment has been minimized.

Copy link
Contributor

commented Mar 8, 2016

S3 can be supported although it will require a unique solution for each OS, that presents maintenance issues for a small group like ours. I don't expect us to tackle that in the short term. S3 also exposes you to several additional attack vectors.

You can use Hibernation instead of sleep, most modern laptops with a single SSD boot quickly enough that it isn't to much of a problem. If you do go this route and have issues you will need to disable the locking and PBA to determine if your problem is a Linux configuration issue or a sedutil issue.

I usually suggest that you disable locking and the PBA, verify that hibernation is working for your hardware/distro combination and then re-enable locking and the PBA.

@ajeb78

This comment has been minimized.

Copy link
Author

commented Mar 15, 2016

Thanks. The security risk of S3 is acceptable to me - it would be useful around the home when leaving the laptop unused for an hour or so, but I can use S0 [freeze] for that for the time being. Not as much power savings but that's okay. I'm not interested in hibernate, I've found it unreliable on linux in the past and I want to avoid the writes to the SSD; if I'm leaving the laptop for long enough to make hibernate worthwhile I'll just turn it off. I'm looking forward to seeing how the project develops in the future!

@r0m30 r0m30 closed this Mar 15, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.