Power Management and Encryption

Matthew Gillen me-5yx05kfkO/aqeI1yJSURBw at public.gmane.org
Tue May 18 08:40:14 EDT 2010 

On 05/17/2010 11:57 PM, Bill Bogstad wrote:
> On Mon, May 17, 2010 at 9:10 PM, Matthew Gillen <me-5yx05kfkO/aqeI1yJSURBw at public.gmane.org> wrote:
>> On 5/17/2010 4:50 PM, Daniel Feenberg wrote:
>>>
>>> We have a desktop Fedora 12 box with encrypted disks. This satisfies a
>>> government agency worried about confidential data on the machine, but I
>>> would like the data to revert to encrypted after X minutes of idle time.
>>> The gnome-power-management GUI only provides for "sleeping" on idle and I
>>> can't find the appropriate configuration files to improve on that, such as
>>> by shutting down. I did test and found that one only needs input the Linux
>>> password to gain access to the disk after sleeping, although if sleeping
>>> could suitably unmount the encrypted disks, that would be fine also. (It
>>> might be hard since it is full disk encryption, including the OS).
>>
>> To unmount your root fs, you'd essentially need to shutdown.  To do
>> that, you'll have to tweak gconf2.  Note, I haven't tried this myself,
>> but it looks like it should work ;-)
>>  Use either gconftool-2 or the gui editor to change the value of the key
>>  /apps/gnome-power-manager/actions/sleep_type_ac
>>  from 'suspend' to 'shutdown'.
> 
> On my Ubuntu 9.10 system, the description for that key only mentions
> hibernate, suspend, and nothing as possible values.
> This is using gconf-editor.   The critical_* keys add shutdown as a
> legal value.   Is the schema incomplete for the sleep_type_* keys or
> was shutdown added with more recent versions of gnome-power-manager?

No, I just didn't look at the schema.  I assumed since other keys in that
directory allowed 'shutdown' as a value, the sleep_type_ac would too.  Alas:
    <schema>
      <key>/schemas/apps/gnome-power-manager/actions/sleep_type_ac</key>
      <applyto>/apps/gnome-power-manager/actions/sleep_type_ac</applyto>
      <type>string</type>
      <default>suspend</default>
      <gettext_domain>gnome-power-manager</gettext_domain>
      <locale name="C">
        <short>Whether to hibernate, suspend or do nothing when inactive</short>
        <long>The type of sleeping that should be performed when the computer
is inactive. Possible values are "hibernate", "suspend" and "nothing".</long>
      </locale>
    </schema>

So my original suggestion won't work.  You could try setting the
 /schemas/apps/gnome-power-manager/buttons/suspend
key's value to 'shutdown' (that is a legal value for that key, the question is
whether it treats all suspend events as 'suspend button' pushes).

If all else fails, this page might help you to customize HAL's actions when it
gets told to suspend:
 http://chkno.net/hal-power-button.html

HTH,
Matt

More information about the Discuss mailing list