Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1559111imm; Thu, 19 Jul 2018 04:03:10 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcf6IUL+YlGINLxuXfIyX7t9M+k3y+wmUY3Jex9ysltpECrNlDHFrRSnjwwGI4nAwXc6iVA X-Received: by 2002:a17:902:2927:: with SMTP id g36-v6mr9522005plb.303.1531998190723; Thu, 19 Jul 2018 04:03:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531998190; cv=none; d=google.com; s=arc-20160816; b=0aqdp0sfcvPJ6rYRVZq4niBNJxPAKtYVHpAGpNkRGHY6nHftzPRL78edBHDlJ1hiwj mCS4jC1+qIzcfQ06HROrPY9auyFs2hovxKFXWs2jFuDxfh1EndZF8m2aaReRrQkp4+ZU C4XMkLE4NCbO+DyOk4RZq6yw1DjEDRkZ4mVktMqpHsY1kto5KHAxhgPzgl4eSTsHyDpc +4xi7gQCa92cltN1Jl2mLy7thVsXyY2xiX+7kEKAyPJvz1oF5u+hifK4LseMdG6HVomz dMoa83jr7QmTmC0Vx5lODw8wx7Wr+oE3ohaTWzOPRX1/Y9XA3vgMGyKKR2tMr9xTIWeO Mm/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=XN14cHr4Thkp+rrRI9sCTIjJ5tOBm9mkiaCoups1LsY=; b=C04talo+bwWPCJUJnMR8PW8nTg7JLU6jjaUy3rIq3lcctOAnREk6TxX9i4hhNe4u70 H0DhA1x0+VRgVx2BzKpegPol2aNLoZ1RdpDnLMs0k2Bp9bO9f4KEoesntDmXr8DkHLkO eOSt3FHLc5H1UJsUKORl4i3U3HT0UeiQMOpt/flRDHJe5qMLQn4iEfqfsQLbTO0TOwJL UUytMm6hvm0pTuVLz+AC9kvYlKYt6V8/rgRg5JaD1Zd6NR3H5uMEjMe0EDTf9mqvLU05 5R5TLpp4ECYzRtV4iJYJvLkC6Kk4qGhXDWVObrHh3fiD1Zla3KCwsR4zv0MmcPX1DhJB Zuvw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g12-v6si5144598pll.384.2018.07.19.04.02.56; Thu, 19 Jul 2018 04:03:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731438AbeGSLog (ORCPT + 99 others); Thu, 19 Jul 2018 07:44:36 -0400 Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:48771 "EHLO atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731236AbeGSLog (ORCPT ); Thu, 19 Jul 2018 07:44:36 -0400 Received: by atrey.karlin.mff.cuni.cz (Postfix, from userid 512) id 076F980496; Thu, 19 Jul 2018 13:01:54 +0200 (CEST) Date: Thu, 19 Jul 2018 13:01:49 +0200 From: Pavel Machek To: Yu Chen Cc: "Rafael J . Wysocki" , Eric Biggers , "Lee, Chun-Yi" , Theodore Ts o , Stephan Mueller , Denis Kenzior , linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, "Gu, Kookoo" , "Zhang, Rui" Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Message-ID: <20180719110149.GA4679@amd> References: <20180718202235.GA4132@amd> <20180718235851.GA22170@sandybridge-desktop> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wRRV7LY7NUeQGEoC" Content-Disposition: inline In-Reply-To: <20180718235851.GA22170@sandybridge-desktop> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu 2018-07-19 07:58:51, Yu Chen wrote: > Hi, > On Wed, Jul 18, 2018 at 10:22:35PM +0200, Pavel Machek wrote: > > On Thu 2018-07-19 00:38:06, Chen Yu wrote: > > > As security becomes more and more important, we add the in-kernel > > > encryption support for hibernation. > >=20 > > Sorry, this does not really explain what security benefit it is > > supposed have to against what attack scenarios. > >=20 > > Which unfortunately means it can not reviewed. > >=20 > > Note that uswsusp already provides encryption. If this is supposed to > > have advantages over it, please say so. > >=20 > The advantages are described in detail in=20 > [PATCH 1/4]'s log, please refer to that. Are you refering to this? # Generally the advantage is: Users do not have to # encrypt the whole swap partition as other tools. # After all, ideally kernel memory should be encrypted # by the kernel itself. Sorry, this does not really explain what security benefit it is supposed have to against what attack scenarios. Note that uswsusp already provides encryption. If this is supposed to have advantages over it, please say so. Also note that joeyli has patch series which encrypts both in-kernel and uswsusp hibernation methods. His motivation is secure boot. How does this compare to his work? Pavel --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --wRRV7LY7NUeQGEoC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAltQb50ACgkQMOfwapXb+vJRegCfdloEMqo/8OjQ8iUXht7vmf1J /jwAn1qMR2BSC4CNsYN7BUmawMByRuzR =wdh8 -----END PGP SIGNATURE----- --wRRV7LY7NUeQGEoC--