Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

From: joeyli
Date: Mon Aug 06 2018 - 05:48:21 EST


On Mon, Aug 06, 2018 at 03:57:54PM +0800, Yu Chen wrote:
> Hi Oliver,
> On Thu, Jul 26, 2018 at 09:30:46AM +0200, Oliver Neukum wrote:
> > On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote:
> > >
> > > Good point, we once tried to generate key in kernel, but people
> > > suggest to generate key in userspace and provide it to the
> > > kernel, which is what ecryptfs do currently, so it seems this
> > > should also be safe for encryption in kernel.
> > > https://www.spinics.net/lists/linux-crypto/msg33145.html
> > > Thus Chun-Yi's signature can use EFI key and both the key from
> > > user space.

As Ard and James's comments, the EFI key can not be accepted:
https://lkml.org/lkml/2018/8/5/135

The lower entropy problem can be covered by RDRAND or EFI random
protocol. But the key point is that we can not fully trust manufacturer.
And, the secure boot relies on Microsoft's business interests. It's
not designed for confidentiality.

So I will move to TPM trusted key + encrypted key.

> >
> > Hi,
> >
> > ecryptfs can trust user space. It is supposed to keep data
> > safe while the system is inoperative.
> Humm, I did not quite get the point here, let's take fscrypt
> for example, the kernel gets user generated key from user space,
> and uses per-inode nonce(random bytes) as the master key to
> do a KDF(key derivation function) on user provided key, and uses
> that key for encryption. We can also added similar mechanism
> to generate the key in kernel space but the key should be
> original from user's provided key(password derived), because
> the security boot/signature mechanism could not cover the case
> that, two different users could resume to each other's context
> because there isn't any certification during resume if it is
> on the same physical hardware.
>

Sounds there have two different purposes. One is to prevent that
the secret in snapshop image be detected/changed outside the machine.
Another one try to prevent that B user resumes to A user's context
on the same machine.

In the case of B resumes A's context, I still think that the attacker
must physical accesses the machine. Which means that it's out of EFI
secure boot's design. Could you please explan the detail for the attack?

So I think that the password from user space is for user authentication,
and the TPM trusted key is for snapshot image encryption/verification.

Thanks
Joey Lee