Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754289AbbGaPLS (ORCPT ); Fri, 31 Jul 2015 11:11:18 -0400 Received: from smtp.nue.novell.com ([195.135.221.5]:50312 "EHLO smtp.nue.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752927AbbGaPKI (ORCPT ); Fri, 31 Jul 2015 11:10:08 -0400 Date: Fri, 31 Jul 2015 23:09:50 +0800 From: joeyli To: Matt Fleming Cc: "Lee, Chun-Yi" , linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-pm@vger.kernel.org, "Rafael J. Wysocki" , Matthew Garrett , Len Brown , Pavel Machek , Josh Boyer , Vojtech Pavlik , Jiri Kosina , "H. Peter Anvin" Subject: Re: [RFC PATCH 06/16] x86/efi: Generating random HMAC key for siging hibernate image Message-ID: <20150731150950.GC2067@linux-rxt1.site> References: <1437056730-15247-1-git-send-email-jlee@suse.com> <1437056730-15247-7-git-send-email-jlee@suse.com> <1438273246.11322.14.camel@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1438273246.11322.14.camel@intel.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1818 Lines: 47 On Thu, Jul 30, 2015 at 05:20:46PM +0100, Matt Fleming wrote: > On Thu, 2015-07-16 at 22:25 +0800, Lee, Chun-Yi wrote: > > This patch adds codes in EFI stub for generating and storing the > > HMAC key in EFI boot service variable for signing hibernate image. > > > > Per rcf2104, the length of HMAC-SHA1 hash result is 20 bytes, and > > it recommended the length of key the same with hash rsult, means > > also 20 bytes. Using longer key would not significantly increase > > the function strength. Due to the nvram space is limited in some > > UEFI machines, so using the minimal recommended length 20 bytes > > key that will stored in boot service variable. > > > > For generating a messy number as a 20 bytes key, the codes in EFI > > stub gets u32 random number five time and every random number is > > rolling that last u32 random number as entropy. > > > > The HMAC key stored in EFI boot service variable, the GUID is > > S4SignKey-fe141863-c070-478e-b8a3-878a5dc9ef21. > > [...] > > > @@ -1383,6 +1384,60 @@ free_mem_map: > > return status; > > } > > > > +#ifdef CONFIG_HIBERNATE_VERIFICATION > > +#define SWSUSP_KEY \ > > + ((efi_char16_t [10]) { 'S', 'W', 'S', 'U', 'S', 'P', 'K', 'e', 'y', 0 }) > > +#define SWSUSP_KEY_ATTRIBUTE (EFI_VARIABLE_NON_VOLATILE | \ > > + EFI_VARIABLE_BOOTSERVICE_ACCESS) > > You mean "SWSUSPKey" not "S4SignKey" right? > Oh! it's my fault. In 2013 PKI edition, there havse sign key and verify key. The HMAC edition has only one SWSUSPKey. I will change the variable name in patch description. Thanks a lot! Joey Lee -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/