Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1792926imm; Thu, 19 Jul 2018 07:59:54 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdesfFogW7zdKNuHgxD9loThPnESUWeCyTSEhjXMXszkU2i22rcRzIhBVmz7BA2ESE5JPPd X-Received: by 2002:a62:9541:: with SMTP id p62-v6mr9825062pfd.152.1532012394457; Thu, 19 Jul 2018 07:59:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532012394; cv=none; d=google.com; s=arc-20160816; b=AS7TiLZAhsNu4n8Zde+kXplC82nzCtDt1sYywDZjc+5ODzKZhLj9PagSXTc6JjdHrt tZHqcYO86TD7nFJJ5M56Fu7zHhO7/kMGVCOPQ7M2cf6GyAuI3p4dSBGG3A5hifDLvdcX h3hf23GlterGPvcMxbsXVaJujAqsW0pAZz3ssn66NTTRlmwlgZNErWyTlyveMZ+lPeY+ AzrmcbdejDJk0rEofheOnaa64OoUIBW6Nq6tYi1ygI83VfRtKgJ8Inef6FJnST2OsbKK rJYuc000csJb8iIbvRYbsoBMnSC3dKdtDuDKQlTQ/KkKXkfBcchrThxYfeHGJY4s4bBZ sArQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=yf4SZFugCCWQqpR+371K3dLxm5p5djaQ7nNAZm2q96U=; b=qY2TCKvUmcr9TjORGXHlhYUxvCUxve/Ngxdkvlnen6de2B6/rfq8D/JZvfqdsZ//l9 daOOHLWNkHRkrwpo01ERZXqQAGH/FLYq4gUN1ZpzXg5IuXM8gito70duTdmeCu8n+lvP xa89AXCKQ3DDWgBJBTFWrxdH4kQ9hClM95gop+gApPy+1DOLALXYHpIaMMLEp3Ujcic0 xzzPjAlPiEe67D390SbnX5J5dEqIWO8fsmg98s4/mXdAyqFhLZ1onOohkk8oieF6OKSh lAD9Yx1lOWTLHxlR1a8fAM2Fa7qOLXYV3iCZ+Msi48zfTcqOMowogLli2Llpnhi5Ulkz MvAA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f5-v6si7001302pln.414.2018.07.19.07.59.39; Thu, 19 Jul 2018 07:59:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731777AbeGSPmi (ORCPT + 99 others); Thu, 19 Jul 2018 11:42:38 -0400 Received: from smtp.nue.novell.com ([195.135.221.5]:59647 "EHLO smtp.nue.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730919AbeGSPmh (ORCPT ); Thu, 19 Jul 2018 11:42:37 -0400 Received: from linux-l9pv.suse (124-11-22-254.static.tfn.net.tw [124.11.22.254]) by smtp.nue.novell.com with ESMTP (TLS encrypted); Thu, 19 Jul 2018 16:58:57 +0200 Date: Thu, 19 Jul 2018 22:58:47 +0800 From: joeyli To: Pavel Machek Cc: Yu Chen , "Rafael J . Wysocki" , Eric Biggers , Theodore Ts o , Stephan Mueller , Denis Kenzior , linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, "Gu, Kookoo" , "Zhang, Rui" Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Message-ID: <20180719145847.GJ18419@linux-l9pv.suse> References: <20180718202235.GA4132@amd> <20180718235851.GA22170@sandybridge-desktop> <20180719110149.GA4679@amd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180719110149.GA4679@amd> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Thu, Jul 19, 2018 at 01:01:49PM +0200, Pavel Machek wrote: > On Thu 2018-07-19 07:58:51, Yu Chen wrote: > > Hi, > > On Wed, Jul 18, 2018 at 10:22:35PM +0200, Pavel Machek wrote: > > > On Thu 2018-07-19 00:38:06, Chen Yu wrote: > > > > As security becomes more and more important, we add the in-kernel > > > > encryption support for hibernation. > > > > > > Sorry, this does not really explain what security benefit it is > > > supposed have to against what attack scenarios. > > > > > > Which unfortunately means it can not reviewed. > > > > > > Note that uswsusp already provides encryption. If this is supposed to > > > have advantages over it, please say so. > > > > > The advantages are described in detail in > > [PATCH 1/4]'s log, please refer to that. > > Are you refering to this? > > # Generally the advantage is: Users do not have to > # encrypt the whole swap partition as other tools. > # After all, ideally kernel memory should be encrypted > # by the kernel itself. > > Sorry, this does not really explain what security benefit it is > supposed have to against what attack scenarios. > > Note that uswsusp already provides encryption. If this is supposed to > have advantages over it, please say so. > > Also note that joeyli has patch series which encrypts > both in-kernel and uswsusp hibernation methods. His motivation is > secure boot. How does this compare to his work? > My patchset signs and encrypts the snapshot image pages in memory. The main logic is applied to snapshot.c https://github.com/joeyli/linux-s4sign/commit/bae39460393ada4c0226dd07cd5e3afcef86b71f The pros of my solution is that the signed/encrypted snapshot image can be stored to anywhere. Both in-kernel and userspace. Yu's patch is encrypt the page buffer before sending to block io layer for writing to swap. The main logic is applied to swap.c. It's against the swap solution in-kernel. The pros of Yu's solution is that it encrypts the compressed image data. So, for the huge system memory case, it has better performance. Yu's plan is using the sysfs to switch different encrypt/sign solutions. And, we will share encrypt/sign helper and key manager in the above two solutions. Thanks a lot! Joey Lee