Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1758663imm; Thu, 9 Aug 2018 01:14:15 -0700 (PDT) X-Google-Smtp-Source: AA+uWPwLTXAv8UmhrkNBHhzyVn/E0Kl563QF1QbyL9txaGCPsSKdqfR8chlzxIL8Xw1cjAT4grqO X-Received: by 2002:a63:df04:: with SMTP id u4-v6mr1147664pgg.434.1533802455421; Thu, 09 Aug 2018 01:14:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533802455; cv=none; d=google.com; s=arc-20160816; b=Y2UNL0Tvaw/XgramdEHq85BUvgZ9J9UA+RmtvVWFGBuDlaycaLJvHLdYSwCI+VrViT Us3Zq+bNYg/TQON4yJVBQZxYrXTCwuJ25zFDH7tnM9pZUC/aN1veQuXnpSx+z7Vua2Z/ R/0gWW2y1GNhrN8X5+ArhJyo14QKUNbf3G1tZSxGd3tpa9K0NBJb/CO7mK6lp31eJIV/ 1NddBTOMLWlkG1PItA5mEUCguJAKzG/99Y17aHosh6xo3phtWNXXEy6whoDm8hBrF1Sk iRdf8xGok4UCYeDukLtpkmUZFqH0595Zmm4TdpBzjEqJbcwrPsXqw33ATSzeOb41JzvQ 6PXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=UGb9Fc4iv7T3KQDbyWeywNbAnWq6+a3JBtNFk8xUrHM=; b=RjtP4/7wBtpoAUN3Sg8GnOnPZewTfuxEdzvNnwXRH1gPHw4UB6rjBDMHozCB45nuNY VExnPgXXr8x0nxrgWowfTZ30+A5K2pEOu4Ii/fkSSf5beEtBVKNObbObDss746F3WmEU mU8wFOpfaPas8vfwjIwL+wDIsM2wzi3zltXwVkP16MawMN9frybK1YfzIwqOaSluJt/O 4k1WCBrMs1FO6Hye7q77OAQMQeI/glRflQr5lZngPGgkOXNhfn/H71NrGlqN8eNnAHk6 Mf73yA27xU3pXEnuzQnGDWSQMnK/MovvnKexJdyuXiY2evqucmWoydnfX4ubulPluQe2 +pIg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a74-v6si6944503pfe.301.2018.08.09.01.14.00; Thu, 09 Aug 2018 01:14:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728875AbeHIKf6 (ORCPT + 99 others); Thu, 9 Aug 2018 06:35:58 -0400 Received: from smtp.nue.novell.com ([195.135.221.5]:60369 "EHLO smtp.nue.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727371AbeHIKf6 (ORCPT ); Thu, 9 Aug 2018 06:35:58 -0400 Received: from linux-l9pv.suse (unknown.telstraglobal.net [134.159.103.118]) by smtp.nue.novell.com with ESMTP (TLS encrypted); Thu, 09 Aug 2018 10:12:10 +0200 Date: Thu, 9 Aug 2018 16:12:05 +0800 From: joeyli To: Yu Chen Cc: Pavel Machek , Ryan Chen , oneukum@suse.com, "Rafael J. Wysocki" , ebiggers@google.com, Theodore Ts'o , smueller@chronox.de, denkenz@gmail.com, Linux PM list , linux-crypto@vger.kernel.org, Linux Kernel Mailing List , kookoo.gu@intel.com, Zhang Rui Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Message-ID: <20180809081205.GJ13767@linux-l9pv.suse> References: <20180726081404.GG4244@linux-l9pv.suse> <20180730170415.GQ4244@linux-l9pv.suse> <20180803033702.GB416@sandybridge-desktop> <20180803053445.GC4244@linux-l9pv.suse> <20180805100200.GB22948@amd> <20180806084534.GB12124@chenyu-desktop> <20180806103958.GI27062@linux-l9pv.suse> <20180808175845.GB16217@amd> <20180809034320.GB21364@chenyu-desktop> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180809034320.GB21364@chenyu-desktop> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 09, 2018 at 11:43:20AM +0800, Yu Chen wrote: > Hi, > On Wed, Aug 08, 2018 at 07:58:45PM +0200, Pavel Machek wrote: > > On Mon 2018-08-06 18:39:58, joeyli wrote: > > > On Mon, Aug 06, 2018 at 04:45:34PM +0800, Yu Chen wrote: > > > > Hi Pavel, > > > > On Sun, Aug 05, 2018 at 12:02:00PM +0200, Pavel Machek wrote: > > > > > Hi! > > > > > > > > > > > > User space doesn't need to involve. The EFI root key is generated by > > > > > > > EFI boot stub and be transfer to kernel. It's stored in EFI boot service > > > > > > > variable that it can only be accessed by trusted EFI binary when > > > > > > > secure boot is enabled. > > > > > > > > > > > > > Okay, this apply to the 'suspend' phase, right? > > > > > > I'm still a little confused about the 'resume' phase. > > > > > > Taking encryption as example(not signature), > > > > > > the purpose of doing hibernation encryption is to prevent other users > > > > > > from stealing ram content. Say, user A uses a passphrase to generate the > > > > > > > > > > No, I don't think that's purpose here. > > > > > > > > > > Purpose here is to prevent user from reading/modifying kernel memory > > > > > content on machine he owns. > > > > > > > > > Say, A puts his laptop into hibernation and walks away, > > > > and B walks by, and opens A's laptop and wakes up the system and he > > > > can do what he wants. Although EFI key/TPM trusted key is enabled, > > > > currently there's no certification during resume, which sounds > > > > unsafe to me. Afterall, the original requirement is to probe > > > > user for password during resume, which sounds more natural. > > > > > > OK, I saw your case. This is a physical accessing. > > > > > > I have a question: The suspend to memory also has the same behavior > > > and more people are using suspend. Should we think a common solution > > > to cover S3 and S4? > > > > Well, we have similar problem during runtime, too ;-). > > > > Anyway, I don't think we should encrypt memory during S3 in kernel. > > > It seems that Joey was talking about certification(something like login) > rather than encryption? > Actually I do not have good idea. Joey Lee