Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1805678imm; Thu, 9 Aug 2018 02:12:42 -0700 (PDT) X-Google-Smtp-Source: AA+uWPz65fOmWM/pMkScM/8L0xmfZfUfhWAyMkDsHQ5CkIuMMDbyzy03R6Eq/a3ceaDLsd1BKNDZ X-Received: by 2002:a63:181e:: with SMTP id y30-v6mr1347095pgl.82.1533805962675; Thu, 09 Aug 2018 02:12:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533805962; cv=none; d=google.com; s=arc-20160816; b=PMK5pSyvXMHbYIMmNEG6ITaGaVy06g5V115DyFvdVIryCBEMlcQsb4Py7dM/Uo7yy5 kqAD7xGZaIXGsJUerXXeeSGoMd2fECt8S+bU76gADwb2KGo1QVlIS+oXsnnctJukT3gj sq9PcfJZ15vRDoVxT+C9+wM2V2/QHpID27qVZtg9Jwj5INwhpYDo2+6ZQGX3bDEqtOKL xcf8u/6wJHTZz5ho5MZownhWzpEerV/BF6AemyVT1C8UsJGVSHJD5vKNB9r0npl7w9b1 DRMUADfb+rsirNBSj5PSFEWLEvklxRSfGVo8kmz/O2439LK6RJuns47twLEVKL4eNuMG S7bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :arc-authentication-results; bh=AqF1+BMTtmmYaPHaftUFJY/LfTX2hO+G+9a2u6q3jbs=; b=nUb+Jk82aCWk66PCwVZGByKWEXrXPYb4Cvve/NK752mlMSrBrO8QF6LxsXG+Hd15Ny +k0g7iQ3XlelYnPTDA6Xz+QVWejXo4PTz13XBs11/RveYxKIT+Um2rI7V7iKWn/pTqfo NLPRRx0CbSn/CDZoDZpvMaWqpy+CB2Fo4cgzfj0vwL3c4RezARLDH9hd+TCSHrmOVFCL yv5oOMxGVrWYcB18ESFiCJNHzpgOrMBDoZYdh0eq3Fjg94/x3ZMmJuSKGRqgKgPbB3Tj +qtnCbsW7KorK+UIZsrNDl+wboVDeqGkbCI9k8qjqvIwIskhKw4ougKcTtVwil/Idtl1 UNPQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e15-v6si5623992pli.149.2018.08.09.02.12.27; Thu, 09 Aug 2018 02:12:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730127AbeHILfK (ORCPT + 99 others); Thu, 9 Aug 2018 07:35:10 -0400 Received: from mx2.suse.de ([195.135.220.15]:38504 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727371AbeHILfK (ORCPT ); Thu, 9 Aug 2018 07:35:10 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 63959AF3F; Thu, 9 Aug 2018 09:11:13 +0000 (UTC) Message-ID: <1533805400.17217.16.camel@suse.com> Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption From: Oliver Neukum To: Yu Chen , Pavel Machek Cc: Ryan Chen , jlee@suse.com, "Rafael J. Wysocki" , ebiggers@google.com, Theodore Ts'o , smueller@chronox.de, denkenz@gmail.com, Linux PM list , linux-crypto@vger.kernel.org, Linux Kernel Mailing List , kookoo.gu@intel.com, Zhang Rui Date: Thu, 09 Aug 2018 11:03:20 +0200 In-Reply-To: <20180809030135.GA21364@chenyu-desktop> References: <20180723162302.GA4503@sandybridge-desktop> <1532590246.7411.3.camel@suse.com> <20180726081404.GG4244@linux-l9pv.suse> <20180730170415.GQ4244@linux-l9pv.suse> <20180803033702.GB416@sandybridge-desktop> <20180803053445.GC4244@linux-l9pv.suse> <20180805100200.GB22948@amd> <20180806084534.GB12124@chenyu-desktop> <20180808175036.GA16217@amd> <20180809030135.GA21364@chenyu-desktop> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.6 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Do, 2018-08-09 at 11:01 +0800, Yu Chen wrote: Hi, > User requirement: > A is the user, B is the attacker, user A launches a STD and > encrypts A's ram data, then writes these encrypted data onto > the disk, so that: Even if user B has access to the disk, > B could not know the content of A. Which implies: > 1. If B unplugs the disk from A's machine, and plugs the disk onto > another machine, B could not decode the content without A's > 'permission'. That is what encrypted STD does. > 2. If B is using the same machine as A, even A has walked away leaving > the system suspend, B could not resume to A's context without > A's 'permission'. No, that is out of scope for Secure Boot > Previously, there are three proposal for this: > a. Enhance the uswsusp(Pavel) > b. Using user provided password to generate the key, for encryption(Yu) > c. Using security boot(TPM or EFI key) for encryption(Joey) > > Since I was proposing solution b, I'll say a little more about it. > The original idea was that, the user provides a password, then this > password is used to generate the key, which means, if user B has provided > an incorrect password, the kernel will fail to decrypt the data and is > likely to fail the resume process. That is to say, no matter > which physical machine B is using, only if he has provided the > password, he would be able to resume. In the first version, the key > deviration was firstly done in kernel space, which satisfies the > requirement and both saftey. Unfortunately it was rejected and > people would like to see the key generated in user space instead. > However, using user provided key directly is not safe, according > to the discussion in the thread. I don't have good idea on > how to improve this, but only have some workarounds, say, ask the > kernel to use TPM key to protects the user provided 'key', etc. Well, this has no relation to Secure Boot. Secure Boot will not prevent you from booting the machine. It restricts the OS you can boot to a cryptographically signed subset. If you want to demand a password to resume a machine, you can do so. But it has no relation to encrypted STD, other than that you need encrypted STD for this to make sense. > Then let's talk a little more about secure boot. According > to my understanding, the situation secure boot tries to deal > with is a little different from the user case we raised above - > It is an enhancement for case 1, because it refuses to resume > once the machine is changed. And it does not cover case 2. But > if it is a requirement from the user, that's ok. > > uswsusp is to do all the staff in user space, and other two > aim to do all the staff in kernel space. I'm not arguing > which one is better, but I'm not sure how often user is using > it, as we don't get uswsusp related bug report on kernel > bugzilla (both internally)recent years. Another point is, > why the compression is in kernel rather than in uswsusp, > it looks like the same case as encryption here. Secure Boot has no concept of users. Code is trusted, not users. For Secure Boot to work, you need a key generated and RAM encrypted in kernel space. If you want a requirement to restrict booting or resuming, you need to encrypt the key. These are different things. Regards Oliver