Did some initial research. Richard Hughes announced this feature here: http://hughsient.livejournal.com/19481.html and https://bugzilla.gnome.org/show_bug.cgi?id=375681.
The feature is indeed
off-by-default (
http://git.gnome.org/browse/gnome-power-manager/tree/data/org.gnome.power-manager.gschema.xml),
and for good usability reasons. BTW, lock-on-hibernate is on by default.
Richard suggested back then that this should be in the UI. I have another proposal: make this flag on-by-default, but have the logic (now at http://git.gnome.org/browse/gnome-power-manager/tree/src/gpm-control.c) depend on this flag, as well as the combination of the power manager setting /apps/gnome-power-manager/lock/suspend and when applicable, the screen saver setting/apps/gnome-screensaver/lock_enabled.
In other words:
if (gpm-lock-keyring-on-suspend &&
(gpm-use-screensaver-setting ? screensaver-lock-on-suspend :
gpm-lock-on-suspend)) { lock-the-keyring(); }
Rationale: if the user needs to enter a password on resume, you might as well clear the keyring on suspend. Otherwise, we don't want to annoy users by requiring a password during resume.
Motivation for lock-on-suspend: suspend, as opposed to hibernate, maintains power to RAM. This makes cold-boot attacks practical on stolen laptops (http://citp.princeton.edu/pub/coldboot.pdf). Moreover, an attacker can physically probe the RAM to read everything off it. And I suppose this is trivial if you have a programmable DMA device.
Thanks, Yaron On 07/19/2010 06:28 AM, Stef Walter wrote: On 2010-07-18 12:24, Yaron Sheffer wrote:it took me some time to find the Gnome configuration value /apps/gnome-power-manager/lock/gnome_keyring_suspend. It was disabled on my machine (Ubuntu Lucid). IMHO, it should be on-by-default because it adds quite a bit of security for laptops, which tend to be suspended/hibernating when they get stolen. So: can it be turned on (or is it just Ubuntu)?Yes, I think it should be turned on. I'd be really interested in why it's not on by default. If you have time to research this that would be a big help. This may be historical. The gnome-power-manager maintainers may know.Can I help to document this flag? Maybe start a "secure configuration FAQ"?Sure, you can branch it off of here: http://live.gnome.org/GnomeKeyring Thanks for your participation! Cheers, Stef |