Bug 488104

Summary: support systemd-homed's "forget keys on suspend"
Product: [Plasma] plasmashell
Reporter: kdebugs <kdebugs>
Component: Session Management
Assignee: Plasma Bugs List <plasma-bugs-null>
Status: CONFIRMED ---
Severity: wishlist
CC: natalie_clarius, nate
Priority: NOR    
Version First Reported In: master   
Target Milestone: 1.0   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description kdebugs@hirebzs.mozmail.com 2024-06-06 11:29:48 UTC
SUMMARY
As a user, I would like to improve the security posture of my KDE-installed system. One way to achieve this is to use systemd-homed to fully encrypt my home directory, and have it automatically locked with the keys purged from memory when the system suspends, by using systemd-homed's "[forget keys on suspend](https://www.freedesktop.org/software/systemd/man/latest/pam_systemd_home.html)" feature. GDM is already [working](https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/251) on supporting this; I would love to see it in SDDM/KDE as well.

STEPS TO REPRODUCE
1. user creates encrypted home directory using systemd-homed and enables relevant setting in pam_systemd_homed
2. user suspends active session
3. user resumes session from suspended state

EXPECTED RESULT
user's home directory locked and keys purged from memory; user is asked to authenticate again to unlock home directory

ADDITIONAL INFORMATION
looks like there is some upstream work pending [this PR](https://github.com/systemd/systemd/pull/31796) targeting systemd v256 but the DM & shell bits should be ready for work