Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp724744imm; Wed, 18 Jul 2018 09:34:17 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeCircRjjuQKTSPxxkevM9MXtQDW8inim6JgeruiIr6MYBIx2tsi9h/xC/jjcD+fTeE8PIH X-Received: by 2002:a63:f45:: with SMTP id 5-v6mr6598620pgp.447.1531931657330; Wed, 18 Jul 2018 09:34:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531931657; cv=none; d=google.com; s=arc-20160816; b=wZgSbditn0wQJTnameT0pf8dVlROLDguzoWah/lfr9uLkOHJhEwz93E6n0u3LIc0qr lNjZEHg5Xw8jJSTJ+x0mZ4hT5FLaSMnvMwl6+bKsB/aTp5GlMp5yE/m0+ZOCvUEf4c0X eJaGVYB8ppqA8SqoyZcO0SOC5Wfd8r492JrhPs+1qrBY207TpQ2i6MZWVsx65/N8XCSt 2DOiJU+zsR07kxegt16aH3hxRQlesID/imLyLWk8He0qk8om5bpiqEcTBNPQRtaZ0A6D 2WtzpUJof0wOUVVPMdijEE13Ij7JkmWb/lwxLUIQG3R+NZd7A8jyhCGyD4jAJijzEEZC nLFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=OR3qIGZUnB/WmBC1JOJ4i7PVQdvZ1PuvcdTh8PVtORU=; b=Rn6Ft8eQuzl5rDqQmrDyti6FfqAgu6P3YOCBu8jK9yZ77eYcC51ol5Oi6iemS7V0Ad /SriuaH3+j7SdfSU/mPMoKwU8BWZFTr/MVXzawFv85kiBFCrVKVV+4bXZtEkImiiTDi+ NHtzpfOpuPd1NuEcPvqFRZvu2/K34Mx8UTHrFlXRj8btExVBtdJD2i/RJP/6o0fA0e26 9XaaiS31lxfhoiPwFBxpx5hbOA0jRmyVBw9924m6UU9Zquw5KMADdGFRt7pWJu1eZvfM gFHTWx/tkH8aty2yGoJ7UaRzUclQevjNTZYak0ySdinsVxlc9aCfwpTeMXi/9wQSPbr/ 2vZg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v32-v6si419712plg.283.2018.07.18.09.34.02; Wed, 18 Jul 2018 09:34:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731591AbeGRRLU (ORCPT + 99 others); Wed, 18 Jul 2018 13:11:20 -0400 Received: from mga02.intel.com ([134.134.136.20]:59895 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731195AbeGRRLT (ORCPT ); Wed, 18 Jul 2018 13:11:19 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Jul 2018 09:32:38 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,371,1526367600"; d="scan'208";a="246779970" Received: from sandybridge-desktop.sh.intel.com ([10.239.160.116]) by fmsmga006.fm.intel.com with ESMTP; 18 Jul 2018 09:32:35 -0700 From: Chen Yu To: "Rafael J . Wysocki" , Pavel Machek , Eric Biggers , Len Brown , "Lee, Chun-Yi" , "Theodore Ts o" , Stephan Mueller , Denis Kenzior Cc: linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, "Gu, Kookoo" , "Zhang, Rui" , Chen Yu Subject: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Date: Thu, 19 Jul 2018 00:38:06 +0800 Message-Id: X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org As security becomes more and more important, we add the in-kernel encryption support for hibernation. This prototype is a trial version to implement the hibernation encryption in the kernel. This patch set is divided into two parts: 1. The hibernation snapshot encryption in kernel space. 2. The key derivation implementation in user space. The whole process is illustrated below: 1. install the kernel module: modprobe crypto_hibernation 2. run the tool to generate the key from user provided passphrase (salt has been read from kernel). 3. launch the hibernation process, the kernel uses the key in step 2 to encrypt the hibernation snapshot. 4. resume the system and the initrd will launch cryto_hibernate to read previous salt from kernel and probe the user passphrase and generate the same key. 5. kernel uses this key to decrypt the hibernation snapshot and restore to previous system. Chen Yu (4): PM / Hibernate: Add helper functions for hibernation encryption PM / hibernate: Install crypto hooks for hibernation encryption PM / Hibernate: Encrypt the snapshot pages before submitted to the block device tools: create power/crypto utility include/linux/suspend.h | 40 +++ kernel/power/Kconfig | 14 ++ kernel/power/Makefile | 1 + kernel/power/crypto_hibernation.c | 421 +++++++++++++++++++++++++++++++ kernel/power/hibernate.c | 67 +++++ kernel/power/power.h | 67 +++++ kernel/power/swap.c | 182 +++++++++++++- tools/power/crypto/Makefile | 24 ++ tools/power/crypto/crypto_hibernate.c | 462 ++++++++++++++++++++++++++++++++++ 9 files changed, 1270 insertions(+), 8 deletions(-) create mode 100644 kernel/power/crypto_hibernation.c create mode 100644 tools/power/crypto/Makefile create mode 100644 tools/power/crypto/crypto_hibernate.c -- 2.7.4