Bug 488104 - support systemd-homed's "forget keys on suspend"
Summary: support systemd-homed's "forget keys on suspend"
Status: CONFIRMED
Alias: None
Product: plasmashell
Classification: Plasma
Component: Session Management
Version: master
Platform: unspecified Linux
Importance: NOR wishlist
Target Milestone: 1.0
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-06-06 11:29 UTC by kdebugs@hirebzs.mozmail.com
Modified: 2024-06-07 14:30 UTC
CC List: 2 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Description kdebugs@hirebzs.mozmail.com 2024-06-06 11:29:48 UTC
SUMMARY
As a user, I would like to improve the security posture of my KDE-installed system. One way to achieve this is to use systemd-homed to fully encrypt my home directory, and have it automatically locked with the keys purged from memory when the system suspends, by using systemd-homed's "[forget keys on suspend](https://www.freedesktop.org/software/systemd/man/latest/pam_systemd_home.html)" feature. GDM is already [working](https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/251) on supporting this; would love to see it in SDDM/KDE as well.

STEPS TO REPRODUCE
1. user creates encrypted home directory using systemd-homed and enables relevant setting in pam_systemd_home
2. user suspends active session
3. user resumes session from suspended state

EXPECTED RESULT
user's home directory is locked and keys are purged from memory; user is asked to authenticate again to unlock home directory

ADDITIONAL INFORMATION
looks like there is some upstream work pending [this PR](https://github.com/systemd/systemd/pull/31796) targeting systemd v256 but the DM & shell bits should be ready for work