Did some initial
research. Richard Hughes announced this feature here:
http://hughsient.livejournal.com/19481.html
and
https://bugzilla.gnome.org/show_bug.cgi?id=375681.
The feature is indeed
off-by-default (
http://git.gnome.org/browse/gnome-power-manager/tree/data/org.gnome.power-manager.gschema.xml),
and
for good usability reasons. BTW, lock-on-hibernate is on by default.
Richard
suggested
back then that this should be in the UI. I have another
proposal: make this flag on-by-default, but have the logic (now at
http://git.gnome.org/browse/gnome-power-manager/tree/src/gpm-control.c)
depend
on
this flag, as well as the combination of the power manager
setting /apps/gnome-power-manager/lock/suspend and when applicable, the
screen saver setting/apps/gnome-screensaver/lock_enabled.
In other words:
if
(gpm-lock-keyring-on-suspend &&
(gpm-use-screensaver-setting ? screensaver-lock-on-suspend :
gpm-lock-on-suspend)) {
lock-the-keyring();
}
Rationale: if the
user
needs to enter a password on resume, you might as well clear the
keyring on suspend. Otherwise, we don't want to annoy users by
requiring a password during resume.
Motivation for
lock-on-suspend: suspend,
as opposed to hibernate, maintains power to RAM. This makes cold-boot
attacks practical on stolen laptops
(http://citp.princeton.edu/pub/coldboot.pdf).
Moreover, an attacker can
physically probe the RAM to read everything off it. And I suppose this
is trivial if you have a programmable DMA device.
Thanks,
Yaron
On 07/19/2010 06:28 AM, Stef Walter wrote:
On 2010-07-18 12:24, Yaron Sheffer wrote:
it took me some time to find the Gnome configuration value
/apps/gnome-power-manager/lock/gnome_keyring_suspend. It was disabled on
my machine (Ubuntu Lucid). IMHO, it should be on-by-default because it
adds quite a bit of security for laptops, which tend to be
suspended/hibernating when they get stolen.
So: can it be turned on (or is it just Ubuntu)?
Yes, I think it should be turned on. I'd be really interested in why
it's not on by default. If you have time to research this that would be
a big help. This may be historical. The gnome-power-manager maintainers
may know.
Can I help to document this flag? Maybe start a "secure configuration FAQ"?
Sure, you can branch it off of here:
http://live.gnome.org/GnomeKeyring
Thanks for your participation!
Cheers,
Stef