Date: Tue, 26 Jun 2018 13:12:45 +0200
From: Pavel Machek
To: Oliver Neukum
Cc: "Rafael J. Wysocki", Chen Yu, Ted Ts'o, Len Brown, "Lee, Chun-Yi", Borislav Petkov, Linux PM, Linux Kernel Mailing List, "Rafael J . Wysocki", Stephan Mueller, Eric Biggers, Denis Kenzior
Subject: Re: [PATCH 3/3][RFC] tools: create power/crypto utility
Message-ID: <20180626111245.GA25323@amd>
In-Reply-To: <1530009024.20417.5.camel@suse.com>

On Tue 2018-06-26 12:30:24, Oliver Neukum wrote:
> On Di, 2018-06-26 at 00:16 +0200, Pavel Machek wrote:
> > Interested parties can easily fix up the userland parts of uswsusp,
> > change crypto, add or remove dependencies, move it to other hosting,
> > or drop it and start again. Kernel interface is flexible enough. If
> > Chen wants to move the s2disk encryption into kernel, it is his task
> > to explain why that is necessary.
>
> We would have to assume that the kernel is on a higher level of trust.
> To a certain extent it is. You cannot drop support for /dev/kmem conceptionally
> if there is an ioctl to snapshot it.

If I understood the description, proposed patches give userspace
encryption key + image encrypted with that key. So... that's not
really an improvement.

Anyway, I guess it makes sense to wait for v2 of patches with better
description of security goals of this.
Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html