Hard disk encryption is a necessity for everyone, who fears the physical theft or seizure of their device. However, your data is still only protected while the machine is shut down. But most people rarely shutdown their devices anymore. Usually, you just close the lid of your notebook and you're on your way.

"Close lid to encrypt" aims to improve the privacy of your data. When you close the lid of your notebook, it goes into sleep/suspend mode. All processes are frozen and don't need to access your hard disk anymore. We use this opportunity to clean the keys of your encrypted devices and suspend them as well. Therefore, the data on your hard drive is protected. When resuming your computer, you must re-enter the password of your encrypted volumes. But then you're just where you've been working before.

To make all this work, we rely on a small kernel patch, the cryptsetup project, initramfs and cgroups2. "Close lid to encrypt" right now focuses on Debian and it derivatives and we plan to bring all code upstream. This effort is funded by the German Prototypefund.