Received: by 10.192.165.148 with SMTP id m20csp2465648imm;
        Sun, 22 Apr 2018 07:36:55 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4+0Td0zGhoHmc2WYmQgkIO8qcFRaw6OycatLoeGe+PwhW3XY405g28eOPzDvTxX2sSvW5EZ
X-Received: by 10.98.35.11 with SMTP id j11mr7367340pfj.177.1524407815432;
        Sun, 22 Apr 2018 07:36:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524407815; cv=none;
        d=google.com; s=arc-20160816;
        b=SBJ6wkfjC2I+kpkv0ZZKE+grBG1Tycs5JJK1xlej+iO3C0LMad+uwqFbehugfdh/RC
         8wgR8/73WTCjz2aew9icFAw8AfUFiGPicJVxjRE6fJfKx78sITws/BMWjxjEUY2mWLhi
         ivefztNvhHngHobR5aNGsgTHBkOLjZtQ0WqG4ZefrLB8CQcJtd/KILU69fGccffWLFOI
         F9NULwCPtis+Dx8YjLXz+SXpw0gTR54cptOVlp3l3BhY7KAV8f201W/b+z4TmzwUk8aE
         mq8fBoYw4z2ncqnr5wux/bMPKZb59z/8shXhyaV+U+efv0l2oCNAqYkC9xfO3+IYOUGe
         ZNqA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dmarc-filter
         :arc-authentication-results;
        bh=gHz1dyGYzRDAaL4cGNMGXWtCUb8kInvEUtecTT7DPCk=;
        b=f5gpVJ22j1Q+UV/hp+Bbwzh8mwiJrQMOLnkeCh5XPYeW3U7VbluKyCLWs3eN9J/ud5
         vmb3ivRVI9LtJLxElawmu1c2ZOhWoIumg9PuUOyv94e8u3aqjpZr5GkObFwemJAwcYi/
         /hUdvQt00Gv/+pUmV3ctzWobNyLdVH5IUj24lvLCIzNatFjyrTYT/kSeDoyOqolvaUj+
         SiPtDnhJ1EFj0W3UVSPCcltc/Hn8KSyfXZwaasm/2s1O5uVU4VAXGFNIJtEOQi7VF7Yf
         Q0cvXi15RWpNa0S2O/JPXDUHF0FJ9OeoWqivSxazWCzpmpz36zCOFb7SpgMmzrzml+Zv
         mrDQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m72si9426004pfi.236.2018.04.22.07.36.19;
        Sun, 22 Apr 2018 07:36:55 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1757357AbeDVOfK (ORCPT <rfc822;lunatang2017@gmail.com>
        + 99 others); Sun, 22 Apr 2018 10:35:10 -0400
Received: from mail.kernel.org ([198.145.29.99]:42702 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1757400AbeDVOfH (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 22 Apr 2018 10:35:07 -0400
Received: from mail-wr0-f176.google.com (mail-wr0-f176.google.com [209.85.128.176])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id D9AD5217D2
        for <linux-kernel@vger.kernel.org>; Sun, 22 Apr 2018 14:35:05 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D9AD5217D2
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org
Received: by mail-wr0-f176.google.com with SMTP id v60-v6so34355410wrc.7
        for <linux-kernel@vger.kernel.org>; Sun, 22 Apr 2018 07:35:05 -0700 (PDT)
X-Gm-Message-State: ALQs6tCGXroPZis0DFCDUb33msyn+QabugRIPlnhiHWdIb5ib54lrfIv
        i6VZijjHpHsy/82vDG9WWoCzY5pjhe7ARZ9QcjK1xA==
X-Received: by 2002:adf:9287:: with SMTP id 7-v6mr6889736wrn.67.1524407704279;
 Sun, 22 Apr 2018 07:35:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.247.15 with HTTP; Sun, 22 Apr 2018 07:34:43 -0700 (PDT)
In-Reply-To: <27926.1524148733@warthog.procyon.org.uk>
References: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk>
 <152346392521.4030.5108539377959227838.stgit@warthog.procyon.org.uk>
 <20180413202234.GA4484@amd> <27926.1524148733@warthog.procyon.org.uk>
From:   Andy Lutomirski <luto@kernel.org>
Date:   Sun, 22 Apr 2018 07:34:43 -0700
X-Gmail-Original-Message-ID: <CALCETrWnucpY8VueVh==ZGo8LpvVBpppoK6MLwW188A89TwzQQ@mail.gmail.com>
Message-ID: <CALCETrWnucpY8VueVh==ZGo8LpvVBpppoK6MLwW188A89TwzQQ@mail.gmail.com>
Subject: Re: [PATCH 07/24] hibernate: Disable when the kernel is locked down
To:     David Howells <dhowells@redhat.com>
Cc:     Pavel Machek <pavel@ucw.cz>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        linux-man <linux-man@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>,
        James Morris <jmorris@namei.org>,
        LKML <linux-kernel@vger.kernel.org>,
        LSM List <linux-security-module@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Apr 19, 2018 at 7:38 AM, David Howells <dhowells@redhat.com> wrote:
> Pavel Machek <pavel@ucw.cz> wrote:
>
>> > There is currently no way to verify the resume image when returning
>> > from hibernate.  This might compromise the signed modules trust model,
>> > so until we can work with signed hibernate images we disable it when the
>> > kernel is locked down.
>>
>> I'd rather see hibernation fixed than disabled like this.
>
> The problem is that you have to store the hibernated kernel image encrypted,
> but you can't store the decryption key on disk unencrypted or you've just
> wasted the effort.
>
> So the firmware has to unlock the image, asking the user for a password to
> unlock the key.

Why firmware?

Either the boot kernel could figure out how to ask for a password (or
unseal using the TPM) or we could defer this to userspace.  The latter
should already work using kexec-jump, no?