From: "Lee, Chun-Yi"
To: "Rafael J . Wysocki", Pavel Machek
Cc: linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Lee, Chun-Yi", "Rafael J. Wysocki", Chen Yu, Oliver Neukum, Ryan Chen, David Howells, Giovanni Gherdovich, Randy Dunlap, Jann Horn, Andy Lutomirski
Subject: [PATCH 0/5 v2][RFC] Encryption and authentication for hibernate snapshot image
Date: Thu, 3 Jan 2019 22:32:22 +0800
Message-Id: <20190103143227.9138-1-jlee@suse.com>

Hi,

This patchset is the implementation of encryption and authentication
for the hibernate snapshot image. The image will be encrypted by AES and
authenticated by HMAC.

The hibernate function can be used to snapshot memory pages to an image,
then the kernel restores the image to memory space at an appropriate time.
There are secrets in the snapshot image, and a cracker may modify it to
hack the system. Encryption and authentication of the snapshot image can
protect the system.

The hibernate function requests the master key through the key retention
service. The snapshot master key can be a trusted key or a user defined
key. The name of the snapshot master key is fixed to "swsusp-kmk". The user
should load swsusp-kmk into the kernel with the keyctl tool before the
hibernation resume, e.g. the swsusp-kmk must be loaded before
systemd-hibernate-resume.

The TPM trusted key type is preferred to be the master key. But a user
defined key can also be used for testing or when the platform doesn't
have a TPM. The user must be aware that the security of a user key relies on
user space. If the root account is compromised, then the user key will
be easy to grab.

v2:
- Fixed bug of trusted_key_init's return value.
- Fixed wording in Kconfig
- Removed VLA usage
- Removed the checking of capability for writing disk_kmk.
- Fixed Kconfig, select trusted key.
- Add memory barrier before setting key initialized flag.
- Add memory barrier after cleaning key initialized flag.

Cc: "Rafael J. Wysocki"
Cc: Pavel Machek
Cc: Chen Yu
Cc: Oliver Neukum
Cc: Ryan Chen
Cc: David Howells
Cc: Giovanni Gherdovich
Cc: Randy Dunlap
Cc: Jann Horn
Cc: Andy Lutomirski
Signed-off-by: "Lee, Chun-Yi"

Lee, Chun-Yi (5):
  PM / hibernate: Create snapshot keys handler
  PM / hibernate: Generate and verify signature for snapshot image
  PM / hibernate: Encrypt snapshot image
  PM / hibernate: Erase the snapshot master key in snapshot pages
  PM / hibernate: An option to request that snapshot image must be authenticated

 Documentation/admin-guide/kernel-parameters.txt |   6 +
 include/linux/kernel.h                          |   3 +-
 kernel/panic.c                                  |   1 +
 kernel/power/Kconfig                            |  25 +
 kernel/power/Makefile                           |   1 +
 kernel/power/hibernate.c                        |  59 ++-
 kernel/power/power.h                            |  59 +++
 kernel/power/snapshot.c                         | 576 +++++++++++++++++++++++-
 kernel/power/snapshot_key.c                     | 312 +++++++++++++
 kernel/power/swap.c                             |   6 +
 kernel/power/user.c                             |  12 +
 11 files changed, 1042 insertions(+), 18 deletions(-)
 create mode 100644 kernel/power/snapshot_key.c

-- 
2.13.6
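
The authentication flow the cover letter describes (an HMAC over the snapshot pages under a key tied to the master key, checked again at resume) can be modelled in user space as below. This is an added example, not code from the patchset: the derivation label, the choice of HMAC-SHA256, the function names and the behaviour of the `enforce` flag are assumptions made for illustration, and encryption is left out.

```python
import hashlib
import hmac
import os

PAGE_SIZE = 4096  # constructed page size for the sample image


def derive_auth_key(master_key: bytes) -> bytes:
    # Assumption: a dedicated HMAC key is derived from the master key with a
    # fixed label, so the master key never authenticates data directly.
    return hmac.new(master_key, b"example-snapshot-auth", hashlib.sha256).digest()


def sign_image(master_key: bytes, pages: list[bytes]) -> bytes:
    """Hibernate side: one HMAC over the page count and every page, in order."""
    mac = hmac.new(derive_auth_key(master_key), digestmod=hashlib.sha256)
    mac.update(len(pages).to_bytes(8, "little"))
    for page in pages:
        mac.update(page)
    return mac.digest()


def resume(master_key, pages, tag, enforce=True):
    """Resume side: returns 'restored', 'restored-unverified' or 'rejected'."""
    if master_key is None or tag is None:
        # No key loaded or unsigned image: acceptable only when not enforcing.
        return "rejected" if enforce else "restored-unverified"
    expected = sign_image(master_key, pages)
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return "rejected"
    return "restored"


def demo() -> dict:
    master = os.urandom(32)  # constructed stand-in for the master key
    pages = [os.urandom(PAGE_SIZE) for _ in range(4)]  # constructed image
    tag = sign_image(master, pages)
    tampered = list(pages)  # flip one bit in the third page
    tampered[2] = pages[2][:100] + bytes([pages[2][100] ^ 1]) + pages[2][101:]
    return {
        "intact": resume(master, pages, tag),
        "tampered": resume(master, tampered, tag),
        "wrong_key": resume(os.urandom(32), pages, tag),
        "no_key_enforced": resume(None, pages, tag, enforce=True),
        "no_key_permissive": resume(None, pages, tag, enforce=False),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The "no_key" cases show why the master key has to be loaded before the resume step runs: with enforcement on, an image that cannot be verified is treated the same as a modified one.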