Date: Mon, 23 Jul 2018 14:22:27 +0200
From: Pavel Machek
To: Oliver Neukum
Cc: Yu Chen, "Rafael J. Wysocki", Eric Biggers, "Lee, Chun-Yi", Theodore Ts'o, Stephan Mueller, Denis Kenzior, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, "Gu, Kookoo", "Zhang, Rui"
Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

Hi!

> > > 2. Ideally kernel memory should be encrypted by the
> > > kernel itself. We have uswsusp to support user
> > > space hibernation, however doing the encryption
> > > in kernel space has more advantages:
> > > 2.1 Not having to transfer plain text kernel memory to
> > > user space. Per Lee, Chun-Yi, uswsusp is disabled
> > > when the kernel is locked down:
> > > https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/
> > > linux-fs.git/commit/?h=lockdown-20180410&
> > > id=8732c1663d7c0305ae01ba5a1ee4d2299b7b4612
> > > due to:
> > > "There have some functions be locked-down because
> > > there have no appropriate mechanisms to check the
> > > integrity of writing data."
> > > https://patchwork.kernel.org/patch/10476751/
> >
> > So your goal is to make hibernation compatible with kernel
> > lockdown? Do your patches provide sufficient security that hibernation
> > can be enabled with kernel lockdown?
>
> OK, maybe I am dense, but if the key comes from user space, will that
> be enough?

Yes, that seems to be one of the problems of Yu Chen's patchset.

> > > Joey Lee and I had a discussion on his previous work at
> > > https://patchwork.kernel.org/patch/10476751
> > > We collaborate on this task and his snapshot signature
> > > feature can be based on this patch set.
> >
> > Well, his work can also work without your patchset, right?
>
> Yes. But you are objecting to encryption in kernel space at all,
> aren't you?

I don't particularly love the idea of doing hibernation encryption in
the kernel, correct.

But we have this weird thing called secure boot, some people seem to
want. So we may need some crypto in the kernel -- but I'd like
something that works with uswsusp, too. Plus, it is mandatory that
the patch explains what security guarantees they want to provide
against what kinds of attacks...

Lee, Chun-Yi's patch seemed more promising.

Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html