Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp175127imm; Thu, 26 Jul 2018 01:16:11 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfSwPP1JSy2P+M504tZZHCkirkV280zkX/ftxXpyUA7v67bTxm1xmH08kKQIZg9hCIcfGWH X-Received: by 2002:a17:902:48c8:: with SMTP id u8-v6mr1031569plh.152.1532592971110; Thu, 26 Jul 2018 01:16:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532592971; cv=none; d=google.com; s=arc-20160816; b=ti5FPnwd2GrTSpNtTt+kLxZW+AhoN9evuDMEQNXK8MR3tasDtajZGZ0nE822QUNRoN r8WzoCGspxndfV+6isAyyF33bH22QzLfO51dNUmpGlMDnWZAPfy+RbF4WMi/RJM7e5UJ OQsfB7f67cNct6zWS4r2R6VAdLnM6PDp3ChWsNynsMQTVKi4N1cZgSz/O9C5lvOFx0uY Y0o37SUXOZNDOMZtcbtzkle8xa255dnxBVtVqPKP5joKA2Tx7we1V5yoVGVqzoxIOUGa LHeRKh0KvvopM+5O80672uElNaYUtg86HkbJ6erlkpfzIhUVFA1x6HsO/AmgDLx5u1ST 1qaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=bLEDCtKh5wXWYjf6UhcJOSzZu7E5PIxDeQO/PC38PrI=; b=KZaT70MCp5YNQthcUWAY5zp6ezOA08yBjHWmqGQEvV1dl+fEXqjv7rfq8mHoGcGZ6L W1YLhU2YeKuBYwoLNRNdvq3UDK0jD26h+YMePaqfBVflLOiKxpK4TqS9glVQB9lxQHn8 KhbjlJ+bxbel5D1JcO/DhVGMdgiTos3BIWm0SfTMgY1r4en3RC2wIwK9llEjOktRi406 Y6kFQYtyChG5+ociRpP96p6vqPHAeJSqb0Tkb+OZInUeHe66jLwRXdDmdWPxEPEQ72dV KEG1uw6AMdsbfBrNjzQXPTnvtm4zylmNqwGepXleN1ht1QNFfQQYuMUyhVEVSwtw8DEy puyA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 199-v6si837324pfv.114.2018.07.26.01.15.56; Thu, 26 Jul 2018 01:16:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729147AbeGZJ36 (ORCPT + 99 others); Thu, 26 Jul 2018 05:29:58 -0400 Received: from smtp.nue.novell.com ([195.135.221.5]:42440 "EHLO smtp.nue.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727951AbeGZJ36 (ORCPT ); Thu, 26 Jul 2018 05:29:58 -0400 Received: from linux-l9pv.suse (unknown.telstraglobal.net [134.159.103.118]) by smtp.nue.novell.com with ESMTP (TLS encrypted); Thu, 26 Jul 2018 10:14:10 +0200 Date: Thu, 26 Jul 2018 16:14:04 +0800 From: joeyli To: Oliver Neukum Cc: Yu Chen , Pavel Machek , "Rafael J . Wysocki" , Eric Biggers , Theodore Ts o , Stephan Mueller , Denis Kenzior , linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, "Gu, Kookoo" , "Zhang, Rui" Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Message-ID: <20180726081404.GG4244@linux-l9pv.suse> References: <20180718202235.GA4132@amd> <20180718235851.GA22170@sandybridge-desktop> <20180719110149.GA4679@amd> <20180719132003.GA30981@sandybridge-desktop> <20180720102532.GA20284@amd> <1532346156.3057.11.camel@suse.com> <20180723162302.GA4503@sandybridge-desktop> <1532590246.7411.3.camel@suse.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1532590246.7411.3.camel@suse.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 26, 2018 at 09:30:46AM +0200, Oliver Neukum wrote: > On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote: > > > > Good point, we once tried to generate key in kernel, but people > > suggest to generate key in userspace and provide it to the > > kernel, which is what ecryptfs do currently, so it seems this > > should also be safe for encryption in kernel. > > https://www.spinics.net/lists/linux-crypto/msg33145.html > > Thus Chun-Yi's signature can use EFI key and both the key from > > user space. > > Hi, > > ecryptfs can trust user space. It is supposed to keep data > safe while the system is inoperative. The whole point of Secure > Boot is a cryptographic system of trust that does not include > user space. > > I seriously doubt we want to use trusted computing here. So the > key needs to be generated in kernel space and stored in a safe > manner. As we have a saolution doing that, can we come to ausable > synthesis? > > Regards > Oliver Crurently there have two solutions, they are trusted key and EFI key. Both of them are generated in kernel and are not visible in user space. The trusted key is generated by kernel then sealed by the TPM's SRK. So the trusted key can be stored in anywhere then be enrolled to kernel when we need it. EVM already uses it. The EFI key is Jiri Kosina's idea. It is stored in boot services variable, which means that it can only be access by signed EFI binary (e.g. signed EFI boot stub) when secure boot be enabled. SLE applied this solution a couple of years. I am working on put the EFI key to key retention service. Then EFI key can be a master key of encrypted key. EVM can also use it: https://github.com/joeyli/linux-s4sign/commit/bae39460393ada4c0226dd07cd5e3afcef86b71f https://github.com/joeyli/linux-s4sign/commit/f552f97cc3cca5acd84f424b7f946ffb5fe8e9ec That's why I want to use key retention service in hibernation encryption/authentication. Which means that we can use key API to access trusted key and EFI key. Thanks Joey Lee