Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2204243imm; Thu, 9 Aug 2018 08:58:29 -0700 (PDT) X-Google-Smtp-Source: AA+uWPx7oJ91Y+GmgwPMUoACkezDXwxFPSj35WOZpIg4hKkdelSHe6877jYHyk2KAp3FFFlSwV/E X-Received: by 2002:a17:902:9681:: with SMTP id n1-v6mr2646430plp.244.1533830309202; Thu, 09 Aug 2018 08:58:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533830309; cv=none; d=google.com; s=arc-20160816; b=F+NifhgUk4toe1ftiP6ZBj/dSKEAfl+Cul8fg1BHuMILMy5PIk592L4jz8IG2ZZ1F3 dXQjoreI6oSnz5nutlkyN2Z//idrHnfvy1342dSvpsgoAKf1i9eFrKDjAbgac9r8hmh9 Y0QnpkKp/MRAdgN+Vnj+4iJZVOWnJqqTOFwDdJ38QZA0FUWzOa87Va+xSiqWNeykpIbe iAGhPoYFCtax5YuNicGDU9FUbGUX0imCiFFIFNnF6c44EPvOdy625qQdY8luW0CkVeqb 01GJI5ICudSxE9SylMDdzkDNa7T/jHDmxV4auZU+6FxePh67yypzDFqIZrTnnZcmrGye pq6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=rbAv+deDhUolC6zjtm/zSpsthdvSslpowLCOzx7tPac=; b=pfYEQofemdgLz69ry39B1OooY8YVyRWI1iS2dX57BUvuV7XmR+w9GeburkVpwi/sw1 oga0uY4/vg6Cktn7zVJjGQ3JLPBRjDHCVNZ0cqxTKtIFSboPsZsYnf/R1cIvB+mbQTaL w3QeX2eAmS8E9UOtP7bEb5m4iKyLt3hcupD52/aHbxUAuj454Rc0SA0ALD0SCe3vPPR0 S30oRyU5WPTitR9E+4wrs5Kbuyi9A+VnO1fEDDbWSzfq3ez9dqfF12fA+xJTNvyPH7UV 7X5MQ8LjL6kTgYqzEeCVDEzzhTiqAsgwkIr202cRZXQrU87/3iqP3YrLvxC66MtkxJPS rChw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t7-v6si6872721pfh.3.2018.08.09.08.58.14; Thu, 09 Aug 2018 08:58:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732561AbeHISVx (ORCPT + 99 others); Thu, 9 Aug 2018 14:21:53 -0400 Received: from smtp.nue.novell.com ([195.135.221.5]:46470 "EHLO smtp.nue.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731065AbeHISVx (ORCPT ); Thu, 9 Aug 2018 14:21:53 -0400 Received: from linux-l9pv.suse (124-11-22-254.static.tfn.net.tw [124.11.22.254]) by smtp.nue.novell.com with ESMTP (TLS encrypted); Thu, 09 Aug 2018 17:56:00 +0200 Date: Thu, 9 Aug 2018 23:55:45 +0800 From: joeyli To: Yu Chen Cc: Pavel Machek , Ryan Chen , oneukum@suse.com, "Rafael J. Wysocki" , ebiggers@google.com, Theodore Ts'o , smueller@chronox.de, denkenz@gmail.com, Linux PM list , linux-crypto@vger.kernel.org, Linux Kernel Mailing List , kookoo.gu@intel.com, Zhang Rui Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Message-ID: <20180809155544.GK13767@linux-l9pv.suse> References: <1532590246.7411.3.camel@suse.com> <20180726081404.GG4244@linux-l9pv.suse> <20180730170415.GQ4244@linux-l9pv.suse> <20180803033702.GB416@sandybridge-desktop> <20180803053445.GC4244@linux-l9pv.suse> <20180805100200.GB22948@amd> <20180806084534.GB12124@chenyu-desktop> <20180808175036.GA16217@amd> <20180809030135.GA21364@chenyu-desktop> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180809030135.GA21364@chenyu-desktop> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 09, 2018 at 11:01:35AM +0800, Yu Chen wrote: > Hi Pavel, Joey, Oliver > Please let me describe the original requirement and my > understanding about hibernation encryption here, thus > help us sync on the same thread: > On Wed, Aug 08, 2018 at 07:50:36PM +0200, Pavel Machek wrote: > > Hi! > > > > > > > > User space doesn't need to involve. The EFI root key is generated by > > > > > > EFI boot stub and be transfer to kernel. It's stored in EFI boot service > > > > > > variable that it can only be accessed by trusted EFI binary when > > > > > > secure boot is enabled. > > > > > > > > > > > Okay, this apply to the 'suspend' phase, right? > > > > > I'm still a little confused about the 'resume' phase. > > > > > Taking encryption as example(not signature), > > > > > the purpose of doing hibernation encryption is to prevent other users > > > > > from stealing ram content. Say, user A uses a passphrase to generate the > > > > > > > > No, I don't think that's purpose here. > > > > > > > > Purpose here is to prevent user from reading/modifying kernel memory > > > > content on machine he owns. > > > > > > > Say, A puts his laptop into hibernation and walks away, > > > and B walks by, and opens A's laptop and wakes up the system and he > > > can do what he wants. Although EFI key/TPM trusted key is enabled, > > > currently there's no certification during resume, which sounds > > > unsafe to me. Afterall, the original requirement is to probe > > > > Define unsafe. > > > > If you want security against bad people resuming your machines, please > Yes, this is one of the requirements. > > take a look at existing uswsusp solutions. It defends against that. > > > > If you want security against bad people tampering with your machines > > physically, sorry, there's no way to defend against that. > No, this is not the requirement. > > > > But I thought you were trying to do something for secure boot, and "bad > > person resumes your machine" is out of scope there. > > > Not exactly, secure boot is one solution to meet the requirement. > > So please always explain security against _what kind of attack_ you > > are trying to improve; intelligent communication is not possible > > without that. > > > User requirement: > A is the user, B is the attacker, user A launches a STD and > encrypts A's ram data, then writes these encrypted data onto > the disk, so that: Even if user B has access to the disk, > B could not know the content of A. Which implies: > 1. If B unplugs the disk from A's machine, and plugs the disk onto > another machine, B could not decode the content without A's > 'permission'. > 2. If B is using the same machine as A, even A has walked away leaving > the system suspend, B could not resume to A's context without > A's 'permission'. > > Previously, there are three proposal for this: > a. Enhance the uswsusp(Pavel) > b. Using user provided password to generate the key, for encryption(Yu) Base on your A/B users case. Your requirement is a" resume password", it doesn't really neeed encryption. Of course we can use the password to encrypt image, but it's not the key point for your requirement. > c. Using security boot(TPM or EFI key) for encryption(Joey) > No! The EFI key that relies on secure boot is failed. The only solution is TPM trusted key. I agreed with Ard's comment on my EFI secure key patches: https://lkml.org/lkml/2018/8/5/31 "'Secure boot' is a misnomer, since it is too vague: it should be called 'authenticated boot', and the catch is that authentication using public-key crypto does not involve secrets at all." So the EFI key can not be accepted because the secure boot is not designed for confidentiality. So, please forget EFI key. The only solution to me (or secure boot) is TPM trusted key. My purpose for developing the hibernation encryption/authentication is to prevent that the snapshot image be malicious modified. This will cause that the kernel space is not safe for secure boot (or we call it authenticated boot). In kernel space, we want to use locked-down mode to keep kernel space safe. That's also why I said that user space helper must be authenticated by kernel. It also prevents malicious key can be enroll to kernel space. > Since I was proposing solution b, I'll say a little more about it. > The original idea was that, the user provides a password, then this > password is used to generate the key, which means, if user B has provided > an incorrect password, the kernel will fail to decrypt the data and is > likely to fail the resume process. That is to say, no matter > which physical machine B is using, only if he has provided the > password, he would be able to resume. In the first version, the key > deviration was firstly done in kernel space, which satisfies the > requirement and both saftey. Unfortunately it was rejected and > people would like to see the key generated in user space instead. > However, using user provided key directly is not safe, according > to the discussion in the thread. I don't have good idea on > how to improve this, but only have some workarounds, say, ask the > kernel to use TPM key to protects the user provided 'key', etc. Do not need to combind two purposes to one solution. Your requirement is a "resume password", not snapshot encryption. So we can just encrypt snapshot by TPM encrypted key but still use your tool (or uswsusp) to provide "resume password" to user. It's not conflict. If we still want to use the "resume password" to encrypt snapashot image. That's fine, but hibernation function must be locked-down when kernel runs in lock-down mode. Because "resume password" doesn't help anything in lockdown mode. Unless we found a way to authenticate the user space helper by kernel. Regards Joey Lee