Date: Fri, 6 Jul 2018 00:16:37 +0800
From: joeyli
To: Chen Yu
Cc: "Rafael J. Wysocki", Pavel Machek, Len Brown, Borislav Petkov, linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/3][RFC] Introduce the in-kernel hibernation encryption
Message-ID: <20180705161637.GK3628@linux-l9pv.suse>

Hi Chen Yu,

On Wed, Jun 20, 2018 at 05:39:37PM +0800, Chen Yu wrote:
> Hi,
> As security becomes more and more important, we add the in-kernel
> encryption support for hibernation.
>
> This prototype is a trial version to implement the hibernation
> encryption in the kernel, so that the users do not have to rely
> on third-party tools to encrypt the hibernation image. The only
> dependency on user space is that, the user space should provide
> a valid key derived from passphrase to the kernel for image encryption.
>
> There was a discussion on the mailing list on whether this key should
> be derived in kernel or in user space. And it turns out to be generating
> the key by user space is more acceptable[1]. So this patch set is divided
> into two parts:
> 1. The hibernation snapshot encryption in kernel space,
> 2. the key derivation implementation in user space.
>
> Please refer to each patch for detail, and feel free to comment on
> this, thanks.
>
> [1] https://www.spinics.net/lists/linux-crypto/msg33145.html
>
> Chen Yu (3):
>   PM / Hibernate: Add helper functions for hibernation encryption
>   PM / Hibernate: Encrypt the snapshot pages before submitted to the
>     block device
>   tools: create power/crypto utility
>

I am trying this patch set. Could you please tell me how to test the
user space crypto utility with systemd's hibernation module?

I have a question about the salt. If the salt is saved in the image header,
does that mean that the kernel needs to read the image header before the
user space crypto utility is launched? Otherwise user space cannot get
the salt to produce the key? I am a bit confused about the resume process.

Thanks
Joey Lee