From: Andy Lutomirski
Date: Sun, 22 Apr 2018 07:34:43 -0700
Subject: Re: [PATCH 07/24] hibernate: Disable when the kernel is locked down
To: David Howells
Cc: Pavel Machek, Linus Torvalds, linux-man, Linux API, James Morris, LKML, LSM List

On Thu, Apr 19, 2018 at 7:38 AM, David Howells wrote:
> Pavel Machek wrote:
>
>> > There is currently no way to verify the resume image when returning
>> > from hibernate. This might compromise the signed modules trust model,
>> > so until we can work with signed hibernate images we disable it when the
>> > kernel is locked down.
>>
>> I'd rather see hibernation fixed than disabled like this.
>
> The problem is that you have to store the hibernated kernel image encrypted,
> but you can't store the decryption key on disk unencrypted or you've just
> wasted the effort.
>
> So the firmware has to unlock the image, asking the user for a password to
> unlock the key.

Why firmware? Either the boot kernel could figure out how to ask for
a password (or unseal using the TPM) or we could defer this to
userspace. The latter should already work using kexec-jump, no?