Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

From: Pavel Machek
Date: Wed Aug 08 2018 - 13:58:51 EST

Next message: Andy Shevchenko: "Re: [PATCH 21/28] ARM: davinci: dm644x-evm: use device properties for at24 eeprom"
Previous message: Andy Shevchenko: "Re: [PATCH 27/28] ARM: davinci: mityomapl138: use device properties for at24 eeprom"
In reply to: joeyli: "Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption"
Next in thread: Yu Chen: "Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon 2018-08-06 18:39:58, joeyli wrote:
> On Mon, Aug 06, 2018 at 04:45:34PM +0800, Yu Chen wrote:
> > Hi Pavel,
> > On Sun, Aug 05, 2018 at 12:02:00PM +0200, Pavel Machek wrote:
> > > Hi!
> > >
> > > > > User space doesn't need to involve. The EFI root key is generated by
> > > > > EFI boot stub and be transfer to kernel. It's stored in EFI boot service
> > > > > variable that it can only be accessed by trusted EFI binary when
> > > > > secure boot is enabled.
> > > > >
> > > > Okay, this apply to the 'suspend' phase, right?
> > > > I'm still a little confused about the 'resume' phase.
> > > > Taking encryption as example(not signature),
> > > > the purpose of doing hibernation encryption is to prevent other users
> > > > from stealing ram content. Say, user A uses a passphrase to generate the
> > >
> > > No, I don't think that's purpose here.
> > >
> > > Purpose here is to prevent user from reading/modifying kernel memory
> > > content on machine he owns.
> > >
> > Say, A puts his laptop into hibernation and walks away,
> > and B walks by, and opens A's laptop and wakes up the system and he
> > can do what he wants. Although EFI key/TPM trusted key is enabled,
> > currently there's no certification during resume, which sounds
> > unsafe to me. Afterall, the original requirement is to probe
> > user for password during resume, which sounds more natural.
>
> OK, I saw your case. This is a physical accessing.
>
> I have a question: The suspend to memory also has the same behavior
> and more people are using suspend. Should we think a common solution
> to cover S3 and S4?

Well, we have similar problem during runtime, too ;-).

Anyway, I don't think we should encrypt memory during S3 in kernel.

If you wanted to do that, you could use uswsusp to take snapshot,
store it in ram, encrypt, erase originals (new API might be
needed... hmm. does not exactly sound easy... kexec?), trigger S3, decrypt,
resume from snapshot...

Sounds like a bit of work...

Best regards,

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature

Next message: Andy Shevchenko: "Re: [PATCH 21/28] ARM: davinci: dm644x-evm: use device properties for at24 eeprom"
Previous message: Andy Shevchenko: "Re: [PATCH 27/28] ARM: davinci: mityomapl138: use device properties for at24 eeprom"
In reply to: joeyli: "Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption"
Next in thread: Yu Chen: "Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]