From: "Rafael J. Wysocki"
To: "Lee, Chun-Yi"
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, opensuse-kernel@opensuse.org, David Howells, Matthew Garrett, Len Brown, Pavel Machek, Josh Boyer, Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH, JKosina@suse.com, Rusty Russell, Herbert Xu, "David S. Miller", "H. Peter Anvin", Michal Marek, Gary Lin, Vivek Goyal, "Lee, Chun-Yi"
Subject: Re: [RFC V4 PATCH 00/15] Signature verification of hibernate snapshot
Date: Thu, 17 Oct 2013 16:18:47 +0200
Message-ID: <3744955.cCTmoQ1ejp@vostro.rjw.lan>
In-Reply-To: <1379206621-18639-1-git-send-email-jlee@suse.com>

On Sunday, September 15, 2013 08:56:46 AM Lee, Chun-Yi wrote:
> Hi experts,
>
> This patchset is the implementation for signature verification of the
> hibernate snapshot image. The original idea is from Jiri Kosina: let the EFI
> bootloader generate a key pair in the UEFI secure boot environment, then pass
> it to the kernel to sign/verify the S4 image.
>
> Because there is a potential threat from the S4 image being hacked, it may
> cause the kernel to lose the trust in UEFI secure boot. A hacker attacks the
> S4 snapshot image in the swap partition through whatever exploit from another
> trusted OS, and the exploit may not need physical access to the machine.
>
> So, this patchset gives the kernel the ability to parse the RSA private key
> from the EFI bootloader, then use the private key to generate the signature
> of the S4 snapshot image. The kernel puts the signature in the snapshot
> header, and verifies the signature when the kernel tries to recover the
> snapshot image to memory.

I wonder what the status of this work is? Is it considered ready for
inclusion or are you still going to work on it and resubmit?

Rafael
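
The flow described in the quoted cover letter (sign the S4 image, keep the signature in the snapshot header, verify before restoring), as an added Python example that is not code from the patchset or from either poster. Assumptions: the header layout, `MAGIC` and the function names are hypothetical, and the key is a constructed toy key used with unpadded RSA over a SHA-256 digest, standing in for the key handling and signature format that the message does not detail.

```python
import hashlib
import struct

# Constructed toy RSA key built from two Mersenne primes so the example is
# deterministic and offline. It is trivially factorable; illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
SIG_LEN = (N.bit_length() + 7) // 8

MAGIC = b"S4IMG001"                         # hypothetical header magic
HEADER = struct.Struct(f"<8sQ{SIG_LEN}s")   # magic, image length, signature


def _digest_int(image: bytes) -> int:
    """SHA-256 of the image as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def write_snapshot(image: bytes) -> bytes:
    """Hibernate path: sign the image and store the signature in the header."""
    sig = pow(_digest_int(image), D, N)
    return HEADER.pack(MAGIC, len(image), sig.to_bytes(SIG_LEN, "big")) + image


def restore_snapshot(blob: bytes) -> bytes:
    """Resume path: return the image only if the header signature verifies."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated snapshot")
    magic, length, sig = HEADER.unpack_from(blob)
    image = blob[HEADER.size:]
    if magic != MAGIC or length != len(image):
        raise ValueError("malformed snapshot header")
    s = int.from_bytes(sig, "big")
    if s >= N or pow(s, E, N) != _digest_int(image):
        raise ValueError("snapshot signature mismatch")
    return image


if __name__ == "__main__":
    pages = b"constructed memory pages " * 64      # constructed sample image
    on_swap = bytearray(write_snapshot(pages))
    print("clean restore ok:", restore_snapshot(bytes(on_swap)) == pages)
    on_swap[-1] ^= 0x01                            # image modified while on swap
    try:
        restore_snapshot(bytes(on_swap))
    except ValueError as err:
        print("restore refused:", err)
```
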