GELI suspend/resume fails on non-rootfs partition; destroys data

I use Slackware Linux dm-crypt and am able to use cryptsetup luksSuspend and luksResume successfully on non-rootfs partitions without deadlocking the system. I employ FDE on rootfs but never suspend that, only an additional data partition. I've been toying with possibly migrating to FreeBSD for desktop use. I did a manual partitioned install with GELI for FDE on FreeBSD 15. I used FreeBSD 10, I believe around Jan 2013, so I'm not new and know my way around the system for server use.

What I did was create the 4th partition as a GELI partition that is designated to be mounted to /home. I have the same setup on my Linux laptop with no problems. I log in to the console as root, decrypt, mount, then relogin as user. I have done numerous experiments with LUKS and the key not being wiped from RAM for the rootfs unless it is suspended, which defeats the purpose because that then will deadlock the system. The solution is I simply luksSuspend the data partition (or rather volume, which includes /home), so non-rootfs, then suspend to RAM. When I did geli suspend, it completely deleted all content in the /home folder, including my user dir.

Is this a bug or just not developed properly?
 