Message-ID: <1533636259.7912.2.camel@suse.com>
Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption
From: Oliver Neukum
To: Yu Chen
Cc: Pavel Machek, "Rafael J. Wysocki", Eric Biggers, "Lee, Chun-Yi", Theodore Ts'o, Stephan Mueller, Denis Kenzior, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, "Gu, Kookoo", "Zhang, Rui"
Date: Tue, 07 Aug 2018 12:04:19 +0200
In-Reply-To: <20180807073840.GA17894@chenyu-desktop>

On Tue, 2018-08-07 at 15:38 +0800, Yu Chen wrote:
> > As STD affects the whole machine it must require root rights.
> > So I cannot see how you can talk about a session belonging
> > to a user. Please explain.
> >
>
> The case is for physical access, not the 'user' in OS.

Well, yes, but Secure Boot does not guard against anybody booting
or halting the machine. It limits what you can boot by a chain of trust.
I think you are trying to add a feature to Secure Boot.

Regards
Oliver