From: Chen Yu
To: "Rafael J. Wysocki", Pavel Machek, Len Brown
Cc: "Lee, Chun-Yi", Borislav Petkov, linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org, Chen Yu
Subject: [PATCH 0/3][RFC] Introduce the in-kernel hibernation encryption
Date: Wed, 20 Jun 2018 17:39:37 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

As security becomes more and more important, we add the in-kernel encryption support for hibernation.

This prototype is a trial version to implement the hibernation encryption in the kernel, so that the users do not have to rely on third-party tools to encrypt the hibernation image. The only dependency on user space is that user space should provide a valid key derived from a passphrase to the kernel for image encryption.

There was a discussion on the mailing list on whether this key should be derived in kernel or in user space. And it turns out that generating the key in user space is more acceptable [1]. So this patch set is divided into two parts:

1. The hibernation snapshot encryption in kernel space,
2. the key derivation implementation in user space.

Please refer to each patch for details, and feel free to comment on this, thanks.

[1] https://www.spinics.net/lists/linux-crypto/msg33145.html

Chen Yu (3):
  PM / Hibernate: Add helper functions for hibernation encryption
  PM / Hibernate: Encrypt the snapshot pages before submitted to the block device
  tools: create power/crypto utility

 MAINTAINERS                           |   8 +
 kernel/power/Kconfig                  |  13 +
 kernel/power/Makefile                 |   1 +
 kernel/power/crypto_hibernation.c     | 405 ++++++++++++++++++++++++++++++
 kernel/power/power.h                  |  38 +++
 kernel/power/swap.c                   | 215 +++++++++++++++-
 tools/power/crypto/Makefile           |  26 ++
 tools/power/crypto/crypto_hibernate.c | 447 ++++++++++++++++++++++++++++++++++
 8 files changed, 1142 insertions(+), 11 deletions(-)
 create mode 100644 kernel/power/crypto_hibernation.c
 create mode 100644 tools/power/crypto/Makefile
 create mode 100644 tools/power/crypto/crypto_hibernate.c

--
2.7.4