2012 Reports :  Cryptology ePrint Archive Forum
Discussion forum for Cryptology ePrint Archive reports posted in 2012. Please put the report number in the subject. 
Goto Thread: PreviousNext
Goto: Forum ListMessage ListNew TopicSearchLog In
2012/374 encryption of hibernatefile (sleepimage) with and without Core Storage in OS X
Posted by: grahamperrin (IP Logged)
Date: 19 July 2012 07:52

Encryption of hibernatefile with Core Storage
=============================================

> 4.2 Plaintext bits in encrypted volume

CVE-2011-3212
[cve.mitre.org]
is mentioned in the following Apple articles:

HT5002
[support.apple.com]

HT5281
[support.apple.com]

Encryption of hibernatefile without Core Storage
================================================

From Apple's current manual page for pmset(8):

>> hibernatefile - change hibernation image file location.
>> Image may only be located on the root volume.
>> Please use caution. (value = path)

[developer.apple.com]

Preliminary test results show that whilst the man page directs the user to locate the image file on the root volume, it is possible to both:

a) locate the file elsewhere (say, a JHFS+ Apple_HFS slice alongside the Apple_CoreStorage slice that is used to encrypt OS X); and

b) successfully wake from hibernation.

A question arises:

* whether encryption applies to a hibernatefile that is not on the root volume.



Edited 2 time(s). Last edit at 19-Jul-2012 08:08 by grahamperrin.



Please log in for posting a message. Only registered users may post in this forum.