Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2801073imu;
        Sun, 6 Jan 2019 10:12:51 -0800 (PST)
X-Google-Smtp-Source: ALg8bN7kPtkUU+lnP0nu0hPgBcXyI3t/jSdDtqsiGRGi8QidZpvROt8Fv2qgxtPDfAqyVK5G+25K
X-Received: by 2002:a63:1a0c:: with SMTP id a12mr8206666pga.157.1546798371561;
        Sun, 06 Jan 2019 10:12:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1546798371; cv=none;
        d=google.com; s=arc-20160816;
        b=teBN/XBMI+GTObUJSiDzB4d5dLDcxECglHKW72Kgn1waAp5e5pBW8nt4izlnYzIdVO
         4SC3tydqBOh6HJEcCFuEtKbtLqP83zWHV/gIRm85gzZruwQ+hOJkt/xSXllKkiEuO0ST
         ocGpfY54IOH+1JpY8uGW3uO83F0adXupeg6ryrggzGwTgaNsCR4jSeydxKtdQkt1sOir
         NZJ0HkRLqqfB8DAqfBscNd4evvOzgz7Q0tgXnOJpdCK4VLuubf65twkjRV5NWsfeIVMR
         d6uEq5SuX5ifyVPCe2XilcfuLNO6dBQDqYTRK9WzENMNe8pCf6wLsoE3GRq9ZQhVjxPU
         Efog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=SzUSaGJQylX3ijBNwihum6K1pZBSGMSpVcT8/LChtNY=;
        b=At/X/vVSKE1AjQx69MVDCTUj5+o643hD2LEOWOArNV+KiCnAmUA74d45kd0yw0oV4t
         uv6dKiExgLtPxroAUicdnFpyrvm5B+O6/o5HdTLnB1uIaxcaECVWc+byFjH6haV0JsBp
         TZ3QqdTTQYXrrFlHab+l4sO/z70mXA3BIWS3KR/+Jkoeb1da9gchCCTLAzq2IBpNNZDU
         UbBhfVHHNYKN48d0SBO0caFql3X7kfge3LSVpNIt2Sxv4KFwBcoxDguI0+2P32uaz9k2
         mWKPv88a0uPi8Cc9k3kcxdqQfa9LQgBs7Mxk2RYYn9Zw6uu8H81PNo58b+BJXM07yNKC
         H2uQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j10si9249379plg.123.2019.01.06.10.12.22;
        Sun, 06 Jan 2019 10:12:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726087AbfAFSKc (ORCPT <rfc822;zcyberian@gmail.com> + 99 others);
        Sun, 6 Jan 2019 13:10:32 -0500
Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:37537 "EHLO
        atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726014AbfAFSKb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 6 Jan 2019 13:10:31 -0500
Received: by atrey.karlin.mff.cuni.cz (Postfix, from userid 512)
        id 8BE70809BC; Sun,  6 Jan 2019 19:10:22 +0100 (CET)
Date:   Sun, 6 Jan 2019 19:10:27 +0100
From:   Pavel Machek <pavel@ucw.cz>
To:     "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
Cc:     "Rafael J . Wysocki" <rjw@rjwysocki.net>,
        linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
        keyrings@vger.kernel.org, "Lee, Chun-Yi" <jlee@suse.com>,
        "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
        Chen Yu <yu.c.chen@intel.com>,
        Oliver Neukum <oneukum@suse.com>,
        Ryan Chen <yu.chen.surf@gmail.com>,
        David Howells <dhowells@redhat.com>,
        Giovanni Gherdovich <ggherdovich@suse.cz>,
        Randy Dunlap <rdunlap@infradead.org>,
        Jann Horn <jannh@google.com>, Andy Lutomirski <luto@kernel.org>
Subject: Re: [PATCH 0/5 v2][RFC] Encryption and authentication for hibernate
 snapshot image
Message-ID: <20190106181026.GA15256@amd>
References: <20190103143227.9138-1-jlee@suse.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="zhXaljGHf11kAtnf"
Content-Disposition: inline
In-Reply-To: <20190103143227.9138-1-jlee@suse.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


--zhXaljGHf11kAtnf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi!

> This patchset is the implementation of encryption and authentication
> for hibernate snapshot image. The image will be encrypted by AES and
> authenticated by HMAC.

Ok, so you encrypt.=20

> The hibernate function can be used to snapshot memory pages to an image,
> then kernel restores the image to memory space in a appropriate time.
> There have secrets in snapshot image and cracker may modifies it for
> hacking system. Encryption and authentication of snapshot image can prote=
ct
> the system.
>=20
> Hibernate function requests the master key through key retention service.
> The snapshot master key can be a trusted key or a user defined key. The
> name of snapshot master key is fixed to "swsusp-kmk". User should loads
> swsusp-kmk to kernel by keyctl tool before the hibernation resume.
> e.g. The swsusp-kmk must be loaded before systemd-hibernate-resume

But if userspace has a key, encryption is useless against root.

> The TPM trusted key type is preferred to be the master key. But user
> defined key can also be used for testing or when the platform doesn't
> have TPM. User must be aware that the security of user key relies on
> user space. If the root account be compromised, then the user key will
> easy to be grabbed.

In the TPM case, does userland have access to the key?=20

Please explain your security goals.

								Pavel


> Lee, Chun-Yi (5):
>   PM / hibernate: Create snapshot keys handler
>   PM / hibernate: Generate and verify signature for snapshot image
>   PM / hibernate: Encrypt snapshot image
>   PM / hibernate: Erase the snapshot master key in snapshot pages
>   PM / hibernate: An option to request that snapshot image must be
>     authenticated
>=20
>  Documentation/admin-guide/kernel-parameters.txt |   6 +
>  include/linux/kernel.h                          |   3 +-
>  kernel/panic.c                                  |   1 +
>  kernel/power/Kconfig                            |  25 +
>  kernel/power/Makefile                           |   1 +
>  kernel/power/hibernate.c                        |  59 ++-
>  kernel/power/power.h                            |  59 +++
>  kernel/power/snapshot.c                         | 576 ++++++++++++++++++=
+++++-
>  kernel/power/snapshot_key.c                     | 312 +++++++++++++
>  kernel/power/swap.c                             |   6 +
>  kernel/power/user.c                             |  12 +
>  11 files changed, 1042 insertions(+), 18 deletions(-)
>  create mode 100644 kernel/power/snapshot_key.c
>=20

--=20
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo=
g.html

--zhXaljGHf11kAtnf
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlwyRJIACgkQMOfwapXb+vKbGwCgqdFS+SAxvg8NHhZw8KSTwtEn
xgMAn1tZyKl+ZiX2ewpAPAipm+wK6brO
=lr4D
-----END PGP SIGNATURE-----

--zhXaljGHf11kAtnf--