Hey,
the race condition is still a known issue, right? My plan was to change the disk layout and do the following:
- use two encrypted partitions, for / and /home
- for the "new suspend": use normal suspend for /, but make a `luks suspend` for the /home partition
- To `luks resume` I need to enter the password for /home
As / is not luksSuspended, there should be no race condition, right? It's also a nice trade-off for me: a cold boot attack is unlikely - and if they do it, they don't have access to /home. And that's where the important private data is stored.
Is there a tool that supports this? I could basically
- open a terminal and

      cryptsetup luksSuspend home
      systemctl suspend

- after wake up: use the open terminal and

      cryptsetup luksResume home

I'm thinking about adopting your project. Would be nice to get some thoughts from you. I really would like to have a cold boot defense mechanism that works reliably (using just this project out of the box hangs too often for me).
Hibernate is disabled in `linux-hardened`.
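
The manual steps from the post above, wrapped in a script with one extra check: the machine is only sent to sleep if `dmsetup info` reports the /home mapping as SUSPENDED. This is an added example, not part of the original post or the project's code; the mapping name `home`, the `run` argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the project's code). Run as root from a shell whose
# binary and working directory are on /, not on /home.
MAPPING="${MAPPING:-home}"   # assumption: dm-crypt name of the /home volume

# Print the State field from `dmsetup info <name>` output read on stdin.
dm_state() {
    awk -F': *' '$1 == "State" { print $2; exit }'
}

# True only if the mapping is frozen, i.e. luksSuspend completed.
home_is_suspended() {
    case "$(dmsetup info "$MAPPING" 2>/dev/null | dm_state)" in
        SUSPENDED*) return 0 ;;
        *) return 1 ;;
    esac
}

suspend_home_then_sleep() {
    cd / || return 1            # do not hold a cwd on the volume being frozen
    sync                        # flush dirty pages before I/O is frozen
    cryptsetup luksSuspend "$MAPPING" || return 1
    if ! home_is_suspended; then
        echo "refusing to sleep: $MAPPING is not suspended" >&2
        return 1
    fi
    systemctl suspend
}

# Ask for the passphrase until the mapping is active again.
resume_home() {
    while home_is_suspended; do
        cryptsetup luksResume "$MAPPING" || echo "luksResume failed, retrying" >&2
    done
}

# Constructed sample of `dmsetup info` output, used only to exercise dm_state.
SAMPLE_INFO='Name:              home
State:             SUSPENDED
Read Ahead:        256
Tables present:    LIVE'

if [ "${1:-}" = "run" ]; then
    suspend_home_then_sleep || exit 1
    printf 'Press Enter after wake-up to unlock %s: ' "$MAPPING"
    read -r reply
    resume_home
fi
```

Invoke it with the `run` argument; without it the file only defines the functions.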