Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1557725imm; Wed, 8 Aug 2018 20:38:12 -0700 (PDT) X-Google-Smtp-Source: AA+uWPyeBp8b192r9+zL/w32LaX477+Z7sUOXMoBjDx2YBNwMTTt6/uZJHOR2P0XloleSW6unkE3 X-Received: by 2002:a62:2f84:: with SMTP id v126-v6mr441791pfv.115.1533785892286; Wed, 08 Aug 2018 20:38:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533785892; cv=none; d=google.com; s=arc-20160816; b=0vIaz2tZW3oJajvICE7Bx5UdBAG10Llo+X52EewCkYi6z8+1LGRl/Ls6N+6NtX0yOY 8u+CGxY7Z0fj9seWIYgtgmM3MZx1Nasc3SqXE22r6pGZ2XuRYwnXuQhpkc67fPFq9CSy Wx850zAufOj3BuoU/+hFcebPtrCFXPn+NCOMuRr7yFbo2MB7WHUH3QfVi8uMQU7QYhLd CkcN1FAgYzgac9LRbYsaGxD7Gnct1LnTu9kn1rNW5Nsk0vopOepkvNMe3FA9gsob5U1J d4vYOojwmzyLunpuy2/im0Uu67HqMGq2nLrORKGPKN99Amw6oZnfXQvatLGNXYRw/CDq 7t/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=ri8gB+EVEUjGRbX79feFXo/Rg7eufkECmBK8Z3fV2Kc=; b=hJ2mfsxPBLDiVwxMV8zud5J5JBdZbqDY3rYOiu3ew+8JlIrxRqMeNBJqwF8scY6xvp xNk3EqPaRfJMPFS1whw03kjqx/Yes/JO3FMPzbun6n7pSIc07MEibet+/8b0/q3T+ZJh NczysSaxUlMr9muk0ctgYaQBR+uQfUp33CP3xl31ci49bKkrSPVJQt9pBVqhLcX5zQkB RlzJr7wNPoY6s7b3neTlh4BsGjzMQjx/EONjK7yYPRhSPMD3CGj4SHChM03cGkETLbdc OSfhJiIdaEu9k6DQAhN6w85U6aUxiHwcF26iN83ImHA8pxLXOclHey4ivC0VswGBMqoP 52kw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 15-v6si5487840pgu.205.2018.08.08.20.37.57; Wed, 08 Aug 2018 20:38:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727830AbeHIF7t (ORCPT + 99 others); Thu, 9 Aug 2018 01:59:49 -0400 Received: from mga18.intel.com ([134.134.136.126]:19916 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727138AbeHIF7s (ORCPT ); Thu, 9 Aug 2018 01:59:48 -0400 X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Aug 2018 20:37:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,213,1531810800"; d="scan'208";a="78764957" Received: from chenyu-desktop.sh.intel.com (HELO chenyu-desktop) ([10.239.160.116]) by fmsmga004.fm.intel.com with ESMTP; 08 Aug 2018 20:37:04 -0700 Date: Thu, 9 Aug 2018 11:43:20 +0800 From: Yu Chen To: Pavel Machek Cc: joeyli , Ryan Chen , oneukum@suse.com, "Rafael J. Wysocki" , ebiggers@google.com, Theodore Ts'o , smueller@chronox.de, denkenz@gmail.com, Linux PM list , linux-crypto@vger.kernel.org, Linux Kernel Mailing List , kookoo.gu@intel.com, Zhang Rui Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Message-ID: <20180809034320.GB21364@chenyu-desktop> References: <1532590246.7411.3.camel@suse.com> <20180726081404.GG4244@linux-l9pv.suse> <20180730170415.GQ4244@linux-l9pv.suse> <20180803033702.GB416@sandybridge-desktop> <20180803053445.GC4244@linux-l9pv.suse> <20180805100200.GB22948@amd> <20180806084534.GB12124@chenyu-desktop> <20180806103958.GI27062@linux-l9pv.suse> <20180808175845.GB16217@amd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180808175845.GB16217@amd> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Wed, Aug 08, 2018 at 07:58:45PM +0200, Pavel Machek wrote: > On Mon 2018-08-06 18:39:58, joeyli wrote: > > On Mon, Aug 06, 2018 at 04:45:34PM +0800, Yu Chen wrote: > > > Hi Pavel, > > > On Sun, Aug 05, 2018 at 12:02:00PM +0200, Pavel Machek wrote: > > > > Hi! > > > > > > > > > > User space doesn't need to involve. The EFI root key is generated by > > > > > > EFI boot stub and be transfer to kernel. It's stored in EFI boot service > > > > > > variable that it can only be accessed by trusted EFI binary when > > > > > > secure boot is enabled. > > > > > > > > > > > Okay, this apply to the 'suspend' phase, right? > > > > > I'm still a little confused about the 'resume' phase. > > > > > Taking encryption as example(not signature), > > > > > the purpose of doing hibernation encryption is to prevent other users > > > > > from stealing ram content. Say, user A uses a passphrase to generate the > > > > > > > > No, I don't think that's purpose here. > > > > > > > > Purpose here is to prevent user from reading/modifying kernel memory > > > > content on machine he owns. > > > > > > > Say, A puts his laptop into hibernation and walks away, > > > and B walks by, and opens A's laptop and wakes up the system and he > > > can do what he wants. Although EFI key/TPM trusted key is enabled, > > > currently there's no certification during resume, which sounds > > > unsafe to me. Afterall, the original requirement is to probe > > > user for password during resume, which sounds more natural. > > > > OK, I saw your case. This is a physical accessing. > > > > I have a question: The suspend to memory also has the same behavior > > and more people are using suspend. Should we think a common solution > > to cover S3 and S4? > > Well, we have similar problem during runtime, too ;-). > > Anyway, I don't think we should encrypt memory during S3 in kernel. > It seems that Joey was talking about certification(something like login) rather than encryption? Best, Yu > If you wanted to do that, you could use uswsusp to take snapshot, > store it in ram, encrypt, erase originals (new API might be > needed... hmm. does not exactly sound easy... kexec?), trigger S3, decrypt, > resume from snapshot... > > Sounds like a bit of work... > > Best regards, > > Pavel > -- > (english) http://www.livejournal.com/~pavelmachek > (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html