| ... | ... | @@ -6,23 +6,42 @@ |
|
|
|
* [How to run on Debian stable](How-to-run-on-Debian-stable)
|
|
|
|
* [How to run on Ubuntu 19.10](How-to-run-on-Ubuntu-19.10)
|
|
|
|
|
|
|
|
## Useful commands
|
|
|
|
|
|
|
|
### Test suspend via commandline (don't run in display server)
|
|
|
|
```
|
|
|
|
systemd-run --scope sh -x /lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
|
|
|
|
```
|
|
|
|
|
|
|
|
### Forward journald to serial console
|
|
|
|
```
|
|
|
|
# /etc/systemd/journald.conf
|
|
|
|
ForwardToConsole=yes
|
|
|
|
TTYPath=/dev/ttyS0
|
|
|
|
```
|
|
|
|
|
|
|
|
### Listen to serial of vm on host machine
|
|
|
|
|
|
|
|
```
|
|
|
|
socat -,icanon=0,echo=0,isig=0 /tmp/console.socket
|
|
|
|
``
|
|
|
|
|
|
|
|
## Roadmap
|
|
|
|
|
|
|
|
0. [x] Merge old WIP branches to master
|
|
|
|
1. [ ] Suspend race condition
|
|
|
|
1. [x] Suspend race condition
|
|
|
|
1. [x] Create a reliable reproducer for the race conditions beween `luksSuspend` and Kernel `sync()`: https://salsa.debian.org/mejo/cryptsetup-suspend/snippets/334
|
|
|
|
2. [x] Verify that disabling `sync()` in kernel suspend fixes the race condition
|
|
|
|
3. [ ] Develop, test and [submit](https://marc.info/?l=linux-pm&m=157044681609395&w=2) kernel patch
|
|
|
|
2. [ ] Clean implementation of the current state into Debian Cryptsetup package. Two key elements:
|
|
|
|
1. [ ] `cryptroot-suspend.c`: C program to make `luksSuspend` and system suspend as atomic as possible
|
|
|
|
2. [ ] `cryptroot-suspend-wrapper`: Shell script with all the logic: build chroot in ramfs; call `cryptroot-suspend.c`, `luksResume` after resume
|
|
|
|
3. [x] Develop, test and [submit](https://marc.info/?l=linux-pm&m=157044681609395&w=2) kernel patch
|
|
|
|
2. [x] Clean implementation of the current state into Debian Cryptsetup package. Two key elements:
|
|
|
|
1. [x] `cryptroot-suspend.c`: C program to make `luksSuspend` and system suspend as atomic as possible
|
|
|
|
2. [x] `cryptroot-suspend-wrapper`: Shell script with all the logic: build chroot in ramfs; call `cryptroot-suspend.c`, `luksResume` after resume
|
|
|
|
3. [x] Replace chroot from `cryptroot-suspend-wrapper` with `/boot/initramfs-...`
|
|
|
|
4. [ ] Tackle possible race conditions at resume:
|
|
|
|
1. [ ] Freeze processes: https://superuser.com/questions/485884/can-a-process-be-frozen-temporarily-in-linux
|
|
|
|
2. [ ] Maybe implement in C as `cryptroot-resume.c`
|
|
|
|
5. [ ] Testing and identifying problems with graphical environment
|
|
|
|
1. [ ] ...
|
|
|
|
6. [ ] Testing with different init systems (particularely systemd and sysvinit)
|
|
|
|
7. [ ] Open question: how do we reliably replace the different suspend implementations (systemd, Gnome, ...) with ours?
|
|
|
|
8. [ ] Evaluate more crypted filesystem structures
|
|
|
|
4. [x] Tackle possible race conditions at resume:
|
|
|
|
1. [x] Freeze processes: https://superuser.com/questions/485884/can-a-process-be-frozen-temporarily-in-linux
|
|
|
|
2. [ ] ~~Maybe implement in C as `cryptroot-resume.c`~~
|
|
|
|
5. [x] Testing and identifying problems with graphical environment
|
|
|
|
6. [ ] ~~Testing with different init systems (particularely systemd and sysvinit)~~
|
|
|
|
7. [x] Open question: how do we reliably replace the different suspend implementations (systemd, Gnome, ...) with ours?
|
|
|
|
8. [x] Evaluate more crypted filesystem structures
|
|
|
|
9. [ ] Add a configure flag for suspend feature to Gnome Power Management |
