Brussels / 1 & 2 February 2020


Close lid to encrypt

Hard disk encryption in Linux suspend mode

Today, hard disk encryption only protects users' data while their machine is shut down. "Close lid to encrypt" aims to extend this protection to suspend mode.

Hard disk encryption is a necessity for everyone who fears the physical theft or seizure of their device. However, your data is still only protected while the machine is shut down, and most people rarely shut down their devices anymore. Usually, you just close the lid of your notebook and you're on your way.

"Close lid to encrypt" aims to improve the privacy of your data. When you close the lid of your notebook, it goes into sleep/suspend mode. All processes are frozen and no longer need to access your hard disk. We use this opportunity to wipe the keys of your encrypted devices and suspend the devices as well, so the data on your hard drive is protected. When resuming your computer, you must re-enter the password of your encrypted volumes. After that, you are right back where you left off.

To make all this work, we rely on a small kernel patch, the cryptsetup project, initramfs and cgroups2. "Close lid to encrypt" currently focuses on Debian and its derivatives, and we plan to bring all code upstream. This effort is funded by the German Prototypefund.
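
A way to check the outcome described above, as an added example that is not part of the talk or the project's code: it reads text in the format printed by `dmsetup info` and lists dm-crypt mappings that are not suspended. It assumes a suspended volume shows up as `State: SUSPENDED`, as it does after `cryptsetup luksSuspend`; the device names and UUIDs in the sample are constructed.

```shell
#!/bin/sh
# Added example (not project code): report dm-crypt mappings that are still
# ACTIVE, i.e. whose volume key has not been wiped by a suspend.

# Reads `dmsetup info` text on stdin, prints one device name per line for
# every mapping whose UUID starts with CRYPT- and whose state is not SUSPENDED.
unsuspended_crypt_devices() {
    awk '
        function flush() {
            if (name != "" && uuid ~ /^CRYPT-/ && state != "SUSPENDED")
                print name
            name = ""; state = ""; uuid = ""
        }
        /^Name:/  { flush(); name = $2 }   # a new record starts here
        /^State:/ { state = $2 }           # ACTIVE or SUSPENDED
        /^UUID:/  { uuid = $2 }            # dm-crypt UUIDs begin with CRYPT-
        END       { flush() }
    '
}

# Constructed sample in `dmsetup info` format: one suspended LUKS volume,
# one LUKS volume that is still active, and one LVM volume (not dm-crypt).
sample_dmsetup_info() {
cat <<'EOF'
Name:              cryptroot
State:             SUSPENDED
Open count:        1
UUID: CRYPT-LUKS2-00000000000000000000000000000001-cryptroot

Name:              cryptswap
State:             ACTIVE
Open count:        2
UUID: CRYPT-LUKS2-00000000000000000000000000000002-cryptswap

Name:              vg0-home
State:             ACTIVE
Open count:        1
UUID: LVM-constructedsampleuuid
EOF
}

# On a real system (as root): dmsetup info | unsuspended_crypt_devices
sample_dmsetup_info | unsuspended_crypt_devices
```

Any name this prints is a volume whose data is still readable by whoever takes the sleeping machine; an empty result means every dm-crypt mapping is suspended.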

In this 20-minute presentation, I will thoroughly explain the problem and our approach to solving it. Of course, I will also explain the limits of our approach. Furthermore, I will demonstrate our already working prototype and answer your questions.


Tim Dittler