Linux Standby Mode Fails to Clear Disk Encryption Keys

During the porting of the cryptsetup-suspend toolkit to NixOS, a bug was discovered in the LUKS (Linux Unified Key Setup) disk encryption subsystem. The bug, introduced in Linux kernel 6.9 (problematic commit), released in May 2024, affects the clearing of encryption keys from RAM when the system enters suspend mode.

The cryptsetup-suspend toolkit is used in Debian to automatically lock LUKS partitions before going to sleep. It is designed to prevent unauthorized access to data if a laptop is stolen while in sleep mode. Due to a bug in the Linux kernel, after locking a LUKS partition with the “cryptsetup luksSuspend” command, encryption keys were not cleared from RAM and remained visible through /proc/keys, potentially allowing an attacker to extract them using methods like the “cold boot” technique.
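As an added illustration (this script is not from the article, the kernel, or the cryptsetup project): a small parser for /proc/keys that reports any cryptsetup volume keys still registered in the kernel keyring, which is the check one would run after “cryptsetup luksSuspend” to confirm the keys were actually dropped. It assumes cryptsetup registers volume keys as keyring entries whose description starts with “cryptsetup:” (labelled as an assumption in the code), and it runs offline on a constructed sample rather than a captured /proc/keys.

```python
"""Report dm-crypt/cryptsetup volume keys still present in /proc/keys.

Added example; not code from the original article or from cryptsetup.
Assumptions (not confirmed by the article):
  - cryptsetup registers volume keys in the kernel keyring with a
    description prefixed "cryptsetup:" (usually of type "logon");
  - /proc/keys lists one key per line, columns in this order:
    serial flags usage timeout perms uid gid type description[: payload-size]
The sample text below is constructed, not captured from a real machine.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import List

# Constructed sample in the shape of /proc/keys (all values made up).
SAMPLE_PROC_KEYS = """\
0a1b2c3d I--Q---     1 perm 1f3f0000     0     0 keyring   _ses: 1
1e2f3a4b I--Q---     2 perm 3f010000     0     0 logon     cryptsetup:11111111-2222-3333-4444-555555555555-d0: 64
2b3c4d5e I--Q---     1 perm 3f010000     0     0 user      some-app-token: 32
"""

DMCRYPT_PREFIX = "cryptsetup:"  # assumption: prefix cryptsetup uses for volume keys

# serial flags usage timeout perms uid gid type description...
_LINE_RE = re.compile(
    r"^(?P<serial>[0-9a-f]+)\s+\S+\s+\d+\s+\S+\s+[0-9a-f]+\s+\d+\s+\d+\s+"
    r"(?P<type>\S+)\s+(?P<desc>.*)$"
)
# Trailing ": <payload length>" that /proc/keys appends to the description.
_PAYLOAD_SUFFIX_RE = re.compile(r":\s*\d+$")


@dataclass
class KernelKey:
    serial: str
    key_type: str
    description: str


def parse_proc_keys(text: str) -> List[KernelKey]:
    """Parse /proc/keys-style text into KernelKey records; skips malformed lines."""
    keys = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        desc = _PAYLOAD_SUFFIX_RE.sub("", m.group("desc")).strip()
        keys.append(KernelKey(m.group("serial"), m.group("type"), desc))
    return keys


def leftover_dmcrypt_keys(keys: List[KernelKey]) -> List[KernelKey]:
    """Return keys that look like cryptsetup volume keys (should be gone after luksSuspend)."""
    return [k for k in keys if k.description.startswith(DMCRYPT_PREFIX)]


def check_proc_keys(path: str = "/proc/keys") -> List[KernelKey]:
    """Read the live /proc/keys (needs sufficient privilege) and report leftovers."""
    return leftover_dmcrypt_keys(parse_proc_keys(Path(path).read_text()))


if __name__ == "__main__":
    # Run against the live file when available, else demonstrate on the sample.
    try:
        found = check_proc_keys()
        source = "/proc/keys"
    except OSError:
        found = leftover_dmcrypt_keys(parse_proc_keys(SAMPLE_PROC_KEYS))
        source = "constructed sample"
    if found:
        print(f"[{source}] volume keys still present after suspend:")
        for k in found:
            print(f"  serial={k.serial} type={k.key_type} desc={k.description}")
    else:
        print(f"[{source}] no cryptsetup volume keys present")
```

On a system where the keys were cleared correctly the live check prints no entries; on an affected 6.9+ kernel the “cryptsetup:” entries remain listed after luksSuspend, which is exactly the symptom the article describes.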

The failure to clear the keys was noticed while debugging a race condition that caused problems entering standby mode. The bug was introduced by a refactoring in kernel 6.9, after which keys remained in memory even though they should have been removed when the calling thread terminated. A one-line patch has been proposed to fix the issue.

However, the patch has not been accepted into the kernel because of a shortcoming: it only works for physical drives, not for virtual loop devices. Instead of fixing the problem in the kernel, the cryptsetup developers have proposed a workaround for clearing the keys. The workaround has been approved and will be included in the cryptsetup 2.8.7 release.

In addition,
