I've come across the same problem, so I took another shot at porting the same script, which you can see here. It doesn't touch any non-volatile storage after luksSuspend
, so it works even with real full-disk encryption with an encrypted /boot. However, you'll need to be careful -- it might not work as expected occasionally!
The ported script does the following:
- Create a ramfs mount somewhere
- Extract the contents of initramfs there (including the initramfs suspend script)
- Bind mount relevant directories (e.g.
/sys
, /proc
, /dev
, /run
) to the ramfs mount
- Stop any services that may interfere (systemd-udevd, systemd-journald)
- Remount the root filesystem (ext4 or btrfs) with nobarrier so Linux doesn't hang while trying to go into S3, then sync
- Chroot into the initramfs mount, which syncs again, runs
luksSuspend
, and puts the computer to sleep
- After wake,
luksResume
, remount filesystems, restart services, unmount bind mounts in the initramfs mount
- Finally, unmount the initramfs mount so that we free the RAM used for the initramfs files
I've yet to do extensive testing on my script, but it seems to work reliably for me. If you use another filesystem (i.e. not ext4 or btrfs), then you might experience issues with barrier, so you'll need to modify the script too.
Either way, it's good to test and verify that the scripts work first. If you experience hangs while attempting to put Linux into S3 (i.e. at echo mem > /sys/power/state
), then you should be able to recover:
- Before suspending, open a tty or other terminal (that will be accessible, so ideally a tty)
- Load cryptsetup and relevant libraries into RAM:
sudo cryptsetup luksResume anything_here
- Suspend using the script
- If it hangs after the chroot (e.g. after
starting version xxx
is displayed on the new vt), switch to the tty you opened earlier and run sudo cryptsetup luksResume your_luks_device_name_here
- If that hangs too, open another vt and chroot into
/run/initramfs
: sudo chroot /run/initramfs /bin/ash
- Try to run
luksResume
: cryptsetup luksResume your_luks_device_name_here && exit
- Your computer should then suspend. You can then wake it up, kill the script(s) if they are still running, unmount the bind mounts and
/run/initramfs
, and remount your root filesystem with barrier if applicable.
I spend a few more hours on this... – Jonas Malaco – 2013-09-23T07:38:37.623
I edited the scripts that make up
pm-suspend
and it appeared that I was almost there. However, I found out that I can't just suspend the system (echo -n "mem" > /sys/power/state
) after freezing the root fs (cryptsetup luksSuspend ...
), for that requires some i/o still... – Jonas Malaco – 2013-09-23T07:51:59.8131I read a few discussions on Debian lists (and some other lists that linked or were linked to these ones) and, so far, it appears that on solution would require something like a "deinitramfs": the kernel would handle control over to the deinitramfs just before actually suspending the system, so that this tmpfs could perform the final cleanup actions (such as wiping the encryption key for the rootfs). – Jonas Malaco – 2013-09-23T07:52:41.393
I'd really like to see this question answered too. – BenAlabaster – 2013-10-10T20:12:36.870