Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp4525899imm;
        Tue, 7 Aug 2018 03:05:58 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpeQVx1QEVwIBunfF+8EK4fMjtT/HGWmWi8b7IpdfwpspUxQ4d/NC6W5i+0Vgy10wSQDzZsQ
X-Received: by 2002:a62:401:: with SMTP id 1-v6mr21056721pfe.28.1533636358314;
        Tue, 07 Aug 2018 03:05:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1533636358; cv=none;
        d=google.com; s=arc-20160816;
        b=gkxpv8sgJ68gd5i1X24gAXwn/vSfAtmpUGLk6jqDkpDxMUBOvoVBiy2E8j7X7eAXjQ
         YbZ5J9WdClq6RW5LAtQAi0Ca08Q2Ery4dxjSSry7rTEkeTK6e0BuQudHWWXsFf+OscjY
         OaWvkE2f2pqQG0czT7XlT4omVZUtUxZe2RQTpxOAWAep3FgwEuk8bzaB3m+TwDSJ+sSi
         U/UnP02I5EbagudD6YthiSe2s04YFL1RAJXLnSNAfikws8V7HV7CimAzFJDNjgm6rfgD
         n2g3vL7Y4FzsNbqRvOlgNLul1Q3TS5yULeFm9JdhTQ1rAlpWJgQ/4faKwwYNy8VQc+qI
         xuJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id
         :arc-authentication-results;
        bh=uTKRRcqvBPj52Zy3vLwaB9ydG7imngA7DLlA259ivQs=;
        b=RvDse22sof5uLGl1ViKQ8/JsI5YBgLja6G2Ev9UiSXCgYSQJTM75wEr1Pb/SmHKQyE
         x+h8q3/8spt5B38mqucks+JF29RZRorkOKbM+BE6U/M0cs0MY6CNpv4lFzdKoPrTdRbh
         o/MpJLFYIcDX9s+nALD916DO0OHgLl0XemqJ9DuaOwWjPTxhaZfSvQ03dFw1nAiBJ5vD
         fpFsvGzMSkBe469MlRESRqUMQrDfOi0bP1yf6cQ1BxEmRbfvGL16WkNol1JhDGuDGgj1
         dnIOOVhUGA66i76iQBK7TTIY1p8bc48gLVz0dbrD5Z0S07IqnJ2tgm59UvsYZHSH+2vt
         R8zw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m24-v6si1035377pgl.452.2018.08.07.03.05.43;
        Tue, 07 Aug 2018 03:05:58 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388623AbeHGMR4 (ORCPT <rfc822;1990.zhangzhen@gmail.com>
        + 99 others); Tue, 7 Aug 2018 08:17:56 -0400
Received: from mx2.suse.de ([195.135.220.15]:35394 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1727194AbeHGMR4 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 7 Aug 2018 08:17:56 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 70EAFADC8;
        Tue,  7 Aug 2018 10:04:20 +0000 (UTC)
Message-ID: <1533636259.7912.2.camel@suse.com>
Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation
 encryption
From:   Oliver Neukum <oneukum@suse.com>
To:     Yu Chen <yu.c.chen@intel.com>
Cc:     Pavel Machek <pavel@ucw.cz>,
        "Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
        Eric Biggers <ebiggers@google.com>,
        "Lee, Chun-Yi" <jlee@suse.com>, Theodore Ts o <tytso@mit.edu>,
        Stephan Mueller <smueller@chronox.de>,
        Denis Kenzior <denkenz@gmail.com>, linux-pm@vger.kernel.org,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        "Gu, Kookoo" <kookoo.gu@intel.com>,
        "Zhang, Rui" <rui.zhang@intel.com>
Date:   Tue, 07 Aug 2018 12:04:19 +0200
In-Reply-To: <20180807073840.GA17894@chenyu-desktop>
References: <20180718202235.GA4132@amd>
         <20180718235851.GA22170@sandybridge-desktop> <20180719110149.GA4679@amd>
         <20180719132003.GA30981@sandybridge-desktop> <20180720102532.GA20284@amd>
         <1532346156.3057.11.camel@suse.com>
         <20180723162302.GA4503@sandybridge-desktop>
         <1532590246.7411.3.camel@suse.com> <20180806075754.GA12124@chenyu-desktop>
         <1533550820.15815.14.camel@suse.com>
         <20180807073840.GA17894@chenyu-desktop>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.26.6 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Di, 2018-08-07 at 15:38 +0800, Yu Chen wrote:
> > As STD affects the whole machine it must require root rights.
> > So I cannot see how you can talk about a session belonging
> > to a user. Please explain.
> > 
> 
> The case is for physical access, not the 'user' in OS.

Well, yes, but Secure Boot does not guard against anybody
booting or halting the machine. It limits what you can
boot by a chain of trust.

I think you are trying to add a feature to Secure Boot.

	Regards
		Oliver